Re: [Openvpn-devel] [PATCH v2] More broadly enforce Allman style and braces-around-conditionals
Hi, On Fri, Dec 23, 2016 at 11:40:54PM +0100, Steffan Karger wrote: > This patch replaces the "Add nl_for_brace=add to uncrustify.conf" patch. > > v2: also add nl_do_brace=add and mod_full_brace_do=add > > dev-tools/uncrustify.conf | 8 + [..] > diff --git a/dev-tools/uncrustify.conf b/dev-tools/uncrustify.conf > index 95e0b2a..d8ea870 100644 > --- a/dev-tools/uncrustify.conf > +++ b/dev-tools/uncrustify.conf > @@ -9,6 +9,11 @@ nl_brace_else=add > nl_elseif_brace=add > nl_else_brace=add > nl_else_if=remove > +nl_for_brace=add > +nl_while_brace=add > +nl_switch_brace=add > +nl_fdef_brace=add > +nl_do_brace=add > sp_func_proto_paren=Remove > sp_func_def_paren=Remove > sp_func_call_paren=Remove > @@ -44,6 +49,9 @@ nl_after_func_proto=2 > # Always use scoping braces for conditionals > mod_full_brace_if=add > mod_full_brace_if_chain=false > +mod_full_brace_while=add > +mod_full_brace_for=add > +mod_full_brace_do=add > > # Annotate #else and #endif statements > mod_add_long_ifdef_endif_comment=20 Both the conceptual change / uncrustify.conf and the actual code changes look reasonable and "fully according to how I interpret our CodingStyle wiki". So ACK. As per the previous reformatting discussions, lets put this into master and 2.4-after-2.4.0 gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de signature.asc Description: PGP signature -- Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/intel___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [PATCH] Feedback wanted: proof-of-concept recvmmsg() support
This patch is not done, but I would like to get some early feedback because I'm not very familiar with this part of the code, nor with the APIs involved. So I expect to have made some rooky mistakes. A while back, I experimented a bit with recvmmsg(), to see if using it would yield some performance gain. Simple tests (I don't have a good stress test setup handy) indicate that this improves throughput by a few percent. I would expect more gain on the server side for P2MP servers though, where multiple client can be spamming the server at once. What definitely still needs to be done: * Improve error messages * Improve documentation (doxygen, openvpn.8, Changes.rst) * Figure out good default values So, please, let me know what you think of the code. And if you do have a good setup for performance testing, I'd love to hear what this change does for you. XXX step towards dynamic allocation (still working) further move towards dynamic alloc init more-or-less-properly (no alloc yet) dynamic alloc refactor1 Signed-off-by: Steffan Kargerrefactor2 Signed-off-by: Steffan Karger refactor3 Finish prototype code --- configure.ac | 2 +- src/openvpn/forward.c | 3 +- src/openvpn/init.c| 7 +++ src/openvpn/integer.h | 7 +++ src/openvpn/options.c | 6 ++ src/openvpn/options.h | 1 + src/openvpn/socket.c | 152 +++--- src/openvpn/socket.h | 43 ++ 8 files changed, 210 insertions(+), 11 deletions(-) diff --git a/configure.ac b/configure.ac index 43487b0..6bfb600 100644 --- a/configure.ac +++ b/configure.ac @@ -672,7 +672,7 @@ AC_SUBST([SOCKETS_LIBS]) old_LIBS="${LIBS}" LIBS="${LIBS} ${SOCKETS_LIBS}" -AC_CHECK_FUNCS([sendmsg recvmsg]) +AC_CHECK_FUNCS([sendmsg recvmsg sendmmsg recvmmsg]) # Windows use stdcall for winsock so we cannot auto detect these m4_define( [SOCKET_FUNCS], diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 8102e94..0c6af66 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -1754,7 +1754,8 @@ io_wait_dowork(struct context *c, const unsigned int flags) if (!c->sig->signal_received) { -if (!(flags & IOW_CHECK_RESIDUAL) || !socket_read_residual(c->c2.link_socket)) +if ((!(flags & IOW_CHECK_RESIDUAL) || !socket_read_residual(c->c2.link_socket)) +&& !openvpn_mmsg_ctx_available(>c2.link_socket->recvmmsg_ctx)) { int status; diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 4ff7725..1996d4d 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -3157,6 +3157,13 @@ do_init_socket_2(struct context *c) { link_socket_init_phase2(c->c2.link_socket, >c2.frame, c->sig); + +if (c->options.sockflags | SF_USE_IP_PKTINFO) +{ +openvpn_mmsg_ctx_init(>c2.link_socket->recvmmsg_ctx, + BUF_SIZE(>c2.frame), + c->options.recvmmsg_buf_count); +} } /* diff --git a/src/openvpn/integer.h b/src/openvpn/integer.h index 5ea32c4..8ea6708 100644 --- a/src/openvpn/integer.h +++ b/src/openvpn/integer.h @@ -31,6 +31,13 @@ * min/max functions */ +#ifndef MIN +#define MIN(a,b) (((a)<(b)) ? (a) : (b)) +#endif +#ifndef MAX +#define MAX(a,b) (((a)>(b)) ? (a) : (b)) +#endif + static inline int max_int(int x, int y) { diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 953e376..cf08186 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -811,6 +811,7 @@ init_options(struct options *o, const bool init_gc) o->resolve_retry_seconds = RESOLV_RETRY_INFINITE; o->resolve_in_advance = false; o->proto_force = -1; +o->recvmmsg_buf_count = 16; #ifdef ENABLE_OCC o->occ = true; #endif @@ -5655,6 +5656,11 @@ add_option(struct options *options, VERIFY_PERMISSION(OPT_P_GENERAL); options->sockflags |= SF_USE_IP_PKTINFO; } +else if (streq(p[0], "recvmmsg-buf-count") && p[1] && !p[2]) +{ +VERIFY_PERMISSION(OPT_P_GENERAL); +options->recvmmsg_buf_count = strtoul(p[1], NULL, 10); +} #endif else if (streq(p[0], "verb") && p[1] && !p[2]) { diff --git a/src/openvpn/options.h b/src/openvpn/options.h index b3ab029..9b3897e 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h @@ -325,6 +325,7 @@ struct options /* socket flags */ unsigned int sockflags; +size_t recvmmsg_buf_count; /* route management */ const char *route_script; diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index ae12832..c0fa8d4 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -55,6 +55,13 @@ const int proto_overhead[] = { /* indexed by PROTO_x */ IPv6_TCP_HEADER_SIZE, }; +#ifdef HAVE_RECVMMSG +/** Free all memory allocated within ctx */ +void openvpn_mmsg_ctx_cleanup(struct openvpn_mmsg_ctx *ctx); +#else +#define
Re: [Openvpn-devel] [PATCH applied] docs: Further enhance the documentation related to SWEET32
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Your patch has been applied to the following branches commit a256aee8e70ceb7059b9da69bc3e7cccbd094916 (master) commit 203d7c8b1fdab065aa0b2a522abe00dc39fa433a (release/2.4) Author: David Sommerseth Date: Fri Dec 23 17:07:44 2016 +0100 docs: Further enhance the documentation related to SWEET32 Signed-off-by: David SommersethAcked-by: Steffan Karger Message-Id: <1482509264-24550-1-git-send-email-dav...@openvpn.net> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13682.html - -- kind regards, David Sommerseth -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBAgAGBQJYXmKAAAoJEIbPlEyWcf3yLuEP/0dhBpaqRi07Uw26CJ3dEoF/ B4/Xe9wAxth+/NQDh5x+XUAQEr5aOH8bDi7NMn+ZZ+oA180CudK4nJm9xZOA7jCS Po/BeQf6zeEgfNxOtrKELMrJpquM5sH4+RV33Do4RJjbdA9e9TEt/mMa049C+N88 IRZ7z4Fx+F40do9Zp7Kw6SYJixfZHiPi0hutKaXb9NQ8KLvHAz5GApeuXILCy7Js N1DiSgzccS3eTLuzviLQRj1iUvNipgHkU0Wy7FtJ6x8oY9XuWiorQn8q+wuDwWqr IR8BHRDqklJNLYe1nP0WebPBRIcCKUqDW3NXsSY2eqRoXZWSUTMO/KPQ4Z2BLfJc 2S3Ttl+9L9PMN/KL7/a0yeX/Qbj3+i0yzSQx9I3Tk7M0bQPsf4avnyfpBtrbEK5D +KWZI+UR+YOuYUvnjCzfuogiJCcxS4UX5P6ags3xQ7rnzZY5ns5SeDAlach0sGKZ EpnLbOLr5FTVsMGHL2iuTvDX3cdYFzrK6q/q1vPY7De9313UgciPT6afNslPLNKR 3Ilvx7EBrCv4IzVONHouRkoQ13kJ3+m6ULk/riH+YYmGHZqfXhfoTRrax/XGOmCl DamG2Dz46E5osu1ZDRQlt9vqdANH2Xs26ygNmz7W1d/90GqMSxSIGaRnMJKvgyyN 5d6xi5m6svD91twiFL0i =8kEi -END PGP SIGNATURE- -- Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/intel ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH 1/1] do not race on RuntimeDirectory
On 16/12/16 22:00, Christian Hesse wrote: > From: Christian Hesse> > Different unit instances create and destroy the same RuntimeDirectory. > This leads to running instances where the status file (and possibly > more runtime data) is no longer accessible. > > So do not handle this in unit files but provide a tmpfiles.d > configuration and let systemd-tmpfiles do the work. > Nobody will (unintentionally) delete the directories and its content. > As /run is volatile we do not have to care about cleanup. > > Signed-off-by: Christian Hesse > --- > distro/systemd/openvpn-client@.service | 2 -- > distro/systemd/openvpn-server@.service | 2 -- > distro/systemd/openvpn.conf| 2 ++ > 3 files changed, 2 insertions(+), 4 deletions(-) > create mode 100644 distro/systemd/openvpn.conf > > diff --git a/distro/systemd/openvpn-client@.service > b/distro/systemd/openvpn-client@.service > index 5618af3..1187ee8 100644 > --- a/distro/systemd/openvpn-client@.service > +++ b/distro/systemd/openvpn-client@.service > @@ -9,8 +9,6 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO > [Service] > Type=notify > PrivateTmp=true > -RuntimeDirectory=openvpn-client > -RuntimeDirectoryMode=0710 > WorkingDirectory=/etc/openvpn/client > ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config %i.conf > CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID > CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE > diff --git a/distro/systemd/openvpn-server@.service > b/distro/systemd/openvpn-server@.service > index b9b4dba..25a6bb7 100644 > --- a/distro/systemd/openvpn-server@.service > +++ b/distro/systemd/openvpn-server@.service > @@ -9,8 +9,6 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO > [Service] > Type=notify > PrivateTmp=true > -RuntimeDirectory=openvpn-server > -RuntimeDirectoryMode=0710 > WorkingDirectory=/etc/openvpn/server > ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log > --status-version 2 --suppress-timestamps --config %i.conf > CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE > CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE > diff --git a/distro/systemd/openvpn.conf b/distro/systemd/openvpn.conf > new file mode 100644 > index 000..bb79671 > --- /dev/null > +++ b/distro/systemd/openvpn.conf > @@ -0,0 +1,2 @@ > +d /run/openvpn-client 0710 root root - > +d /run/openvpn-server 0710 root root - > ACK This works as expected from debian8/systemd 215 to arch/systemd 232 -- -- Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/intel ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel