[Openvpn-devel] [PATCH 3/4] Add gc_arena to struct argv to save allocations

[David Sommerseth]

From: Heiko Hund 

With the private gc_arena we do not have to allocate the strings
found during parsing again, since we know the arena they are
allocated in is valid as long as the argv vector is.

Signed-off-by: Heiko Hund 
Signed-off-by: David Sommerseth 
---
 src/openvpn/argv.c   | 50 
 src/openvpn/argv.h   |  1 +
 tests/unit_tests/openvpn/test_argv.c | 23 +
 3 files changed, 45 insertions(+), 29 deletions(-)

diff --git a/src/openvpn/argv.c b/src/openvpn/argv.c
index 4f7aa4e5..7d949d24 100644
--- a/src/openvpn/argv.c
+++ b/src/openvpn/argv.c
@@ -47,12 +47,11 @@ argv_extend(struct argv *a, const size_t newcap)
 {
 char **newargv;
 size_t i;
-ALLOC_ARRAY_CLEAR(newargv, char *, newcap);
+ALLOC_ARRAY_CLEAR_GC(newargv, char *, newcap, &a->gc);
 for (i = 0; i < a->argc; ++i)
 {
 newargv[i] = a->argv[i];
 }
-free(a->argv);
 a->argv = newargv;
 a->capacity = newcap;
 }
@@ -64,6 +63,7 @@ argv_init(struct argv *a)
 a->capacity = 0;
 a->argc = 0;
 a->argv = NULL;
+a->gc = gc_new();
 argv_extend(a, 8);
 }
 
@@ -78,24 +78,21 @@ argv_new(void)
 void
 argv_free(struct argv *a)
 {
-size_t i;
-for (i = 0; i < a->argc; ++i)
-{
-free(a->argv[i]);
-}
-free(a->argv);
+gc_free(&a->gc);
 }
 
 static void
 argv_reset(struct argv *a)
 {
-size_t i;
-for (i = 0; i < a->argc; ++i)
+if (a->argc)
 {
-free(a->argv[i]);
-a->argv[i] = NULL;
+size_t i;
+for (i = 0; i < a->argc; ++i)
+{
+a->argv[i] = NULL;
+}
+a->argc = 0;
 }
-a->argc = 0;
 }
 
 static void
@@ -107,7 +104,7 @@ argv_grow(struct argv *a, const size_t add)
 }
 
 static void
-argv_append(struct argv *a, char *str)  /* str must have been malloced or be 
NULL */
+argv_append(struct argv *a, char *str)  /* str must have been gc_malloced or 
be NULL */
 {
 argv_grow(a, 1);
 a->argv[a->argc++] = str;
@@ -127,7 +124,7 @@ argv_clone(const struct argv *a, const size_t headroom)
 {
 for (size_t i = 0; i < a->argc; ++i)
 {
-argv_append(&r, string_alloc(a->argv[i], NULL));
+argv_append(&r, string_alloc(a->argv[i], &r.gc));
 }
 }
 return r;
@@ -138,7 +135,7 @@ argv_insert_head(const struct argv *a, const char *head)
 {
 struct argv r;
 r = argv_clone(a, 1);
-r.argv[0] = string_alloc(head, NULL);
+r.argv[0] = string_alloc(head, &r.gc);
 return r;
 }
 
@@ -222,7 +219,6 @@ argv_prep_format(const char *format, const char delim, 
size_t *count, struct gc_
 static bool
 argv_printf_arglist(struct argv *a, const char *format, va_list arglist)
 {
-struct gc_arena gc = gc_new();
 const char delim = 0x1D;  /* ASCII Group Separator (GS) */
 bool res = false;
 
@@ -236,7 +232,7 @@ argv_printf_arglist(struct argv *a, const char *format, 
va_list arglist)
  *
  */
 size_t argc = a->argc;
-char *f = argv_prep_format(format, delim, &argc, &gc);
+char *f = argv_prep_format(format, delim, &argc, &a->gc);
 if (f == NULL)
 {
 goto out;
@@ -256,8 +252,8 @@ argv_printf_arglist(struct argv *a, const char *format, 
va_list arglist)
  *  Do the actual vsnprintf() operation, which expands the format
  *  string with the provided arguments.
  */
-size_t size = len + 1;
-char *buf = gc_malloc(size, false, &gc);
+size_t size = adjust_power_of_2(len + 1);
+char *buf = gc_malloc(size, false, &a->gc);
 len = vsnprintf(buf, size, f, arglist);
 if (len < 0 || len >= size)
 {
@@ -272,11 +268,11 @@ argv_printf_arglist(struct argv *a, const char *format, 
va_list arglist)
 while (end)
 {
 *end = '\0';
-argv_append(a, string_alloc(buf, NULL));
+argv_append(a, buf);
 buf = end + 1;
 end = strchr(buf, delim);
 }
-argv_append(a, string_alloc(buf, NULL));
+argv_append(a, buf);
 
 if (a->argc != argc)
 {
@@ -287,7 +283,6 @@ argv_printf_arglist(struct argv *a, const char *format, 
va_list arglist)
 res = true;
 
 out:
-gc_free(&gc);
 return res;
 }
 
@@ -321,21 +316,18 @@ argv_parse_cmd(struct argv *a, const char *s)
 {
 argv_reset(a);
 
-struct gc_arena gc = gc_new();
 char *parms[MAX_PARMS + 1] = { 0 };
-int nparms = parse_line(s, parms, MAX_PARMS, "SCRIPT-ARGV", 0, 
D_ARGV_PARSE_CMD, &gc);
+int nparms = parse_line(s, parms, MAX_PARMS, "SCRIPT-ARGV", 0, 
D_ARGV_PARSE_CMD, &a->gc);
 if (nparms)
 {
 int i;
 for (i = 0; i < nparms; ++i)
 {
-argv_append(a, string_alloc(parms[i], NULL));
+argv_append(a, parms[i]);
 }
 }
 else
 {
-argv_append(a, string_alloc(s, NULL));
+argv_append(a, string_alloc(s, &a->gc));
 }
-
-gc_free(&gc);
 }
diff --git a/src/ope

[Openvpn-devel] [PATCH 4/4] Documented all the argv related code with minor refactoring

[David Sommerseth]

Added doxygen comments for all the functions in argv.c.

There are some slight refactoring, renaming a few variables to make
their use case more obvious and ensure lines do not break our 80-chars
per line coding style limit.

Signed-off-by: David Sommerseth 
---
 src/openvpn/argv.c | 251 +
 1 file changed, 211 insertions(+), 40 deletions(-)

diff --git a/src/openvpn/argv.c b/src/openvpn/argv.c
index 7d949d24..b799c974 100644
--- a/src/openvpn/argv.c
+++ b/src/openvpn/argv.c
@@ -40,6 +40,13 @@
 #include "env_set.h"
 #include "options.h"
 
+/**
+ *  Resizes the list of arguments struct argv can carry.  This resize
+ *  operation will only increase the size, never decrease the size.
+ *
+ *  @param *a  Valid pointer to a struct argv to resize
+ *  @param newcap  size_t with the new size of the argument list.
+ */
 static void
 argv_extend(struct argv *a, const size_t newcap)
 {
@@ -57,6 +64,12 @@ argv_extend(struct argv *a, const size_t newcap)
 }
 }
 
+/**
+ *  Initialise an already allocated struct argv.
+ *  It is expected that the input argument is a valid pointer.
+ *
+ *  @param *a  Pointer to a struct argv to initialise
+ */
 static void
 argv_init(struct argv *a)
 {
@@ -67,6 +80,12 @@ argv_init(struct argv *a)
 argv_extend(a, 8);
 }
 
+/**
+ *  Allocates a new struct argv and ensures it is initialised.
+ *  Note that it does not return a pointer, but a struct argv directly.
+ *
+ *  @returns Returns an initialised and empty struct argv.
+ */
 struct argv
 argv_new(void)
 {
@@ -75,12 +94,24 @@ argv_new(void)
 return ret;
 }
 
+/**
+ *  Frees all memory allocations allocated by the struct argv
+ *  related functions.
+ *
+ *  @param *a  Valid pointer to a struct argv to release memory from
+ */
 void
 argv_free(struct argv *a)
 {
 gc_free(&a->gc);
 }
 
+/**
+ *  Resets the struct argv to an initial state.  No memory buffers
+ *  will be released by this call.
+ *
+ *  @param *a  Valid pointer to a struct argv to resize
+ */
 static void
 argv_reset(struct argv *a)
 {
@@ -95,6 +126,19 @@ argv_reset(struct argv *a)
 }
 }
 
+/**
+ *  Extends an existing struct argv to carry minimum 'add' number
+ *  of new arguments.  This builds on argv_extend(), which ensures the
+ *  new size will only be higher than the current capacity.
+ *
+ *  The new size is also calculated based on the result of adjust_power_of_2().
+ *  This approach ensures that the list does grow bulks and only when the
+ *  current limit is reached.
+ *
+ *  @param *a   Valid pointer to the struct argv to extend
+ *  @param add  size_t with the number of elements to add.
+ *
+ */
 static void
 argv_grow(struct argv *a, const size_t add)
 {
@@ -103,15 +147,39 @@ argv_grow(struct argv *a, const size_t add)
 argv_extend(a, adjust_power_of_2(newargc));
 }
 
+/**
+ *  Appends a string to to the list of arguments stored in a struct argv
+ *  This will ensure the list size in struct argv has the needed capacity to
+ *  store the value.
+ *
+ *  @param *astruct argv where to append the new string value
+ *  @param *str  Pointer to string to append.  The provided string *MUST* have
+ *   been malloc()ed or NULL.
+ */
 static void
-argv_append(struct argv *a, char *str)  /* str must have been gc_malloced or 
be NULL */
+argv_append(struct argv *a, char *str)
 {
 argv_grow(a, 1);
 a->argv[a->argc++] = str;
 }
 
+/**
+ *  Clones a struct argv with all the contents to a new allocated struct argv.
+ *  If 'headroom' is larger than 0, it will create a head-room in front of the
+ *  values being copied from the source input.
+ *
+ *
+ *  @param *source   Valid pointer to the source struct argv to clone.  It may
+ *   be NULL.
+ *  @param headroom  Number of slots to leave empty in front of the slots
+ *   copied from the source.
+ *
+ *  @returns Returns a new struct argv containing a copy of the source
+ *   struct argv, with the given headroom in front of the copy.
+ *
+ */
 static struct argv
-argv_clone(const struct argv *a, const size_t headroom)
+argv_clone(const struct argv *source, const size_t headroom)
 {
 struct argv r;
 argv_init(&r);
@@ -120,16 +188,24 @@ argv_clone(const struct argv *a, const size_t headroom)
 {
 argv_append(&r, NULL);
 }
-if (a)
+if (source)
 {
-for (size_t i = 0; i < a->argc; ++i)
+for (size_t i = 0; i < source->argc; ++i)
 {
-argv_append(&r, string_alloc(a->argv[i], &r.gc));
+argv_append(&r, string_alloc(source->argv[i], &r.gc));
 }
 }
 return r;
 }
 
+/**
+ *  Inserts an argument string in front of all other argument slots.
+ *
+ *  @param  *a Valid pointer to the struct argv to insert the argument into
+ *  @param  *head  Pointer to the char * string with the argument to insert
+ *
+ *  @returns Returns a new struct argv with the inserted argument in front
+ */
 struct argv
 argv_inse

[Openvpn-devel] [PATCH 2/4] argv: do fewer memory re-allocations

[David Sommerseth]

From: Heiko Hund 

Prevent the re-allocations of memory when the internal argv grows
beyond 2 and 4 arguments by initially allocating argv to hold up to
7 (+ trailing NULL) pointers.

While at it rename argv_reset to argv_free to actually express
what's going on. Redo the argv_reset functionality so that it can
be used to actually reset the argv without re-allocation.

Signed-off-by: Heiko Hund 
Signed-off-by: David Sommerseth 
---
 src/openvpn/argv.c   | 81 ++--
 src/openvpn/argv.h   |  2 +-
 src/openvpn/console_systemd.c|  2 +-
 src/openvpn/init.c   | 15 ++
 src/openvpn/lladdr.c |  2 +-
 src/openvpn/multi.c  | 10 ++--
 src/openvpn/networking_iproute2.c| 23 
 src/openvpn/options.c|  2 +-
 src/openvpn/plugin.c |  2 +-
 src/openvpn/route.c  |  8 +--
 src/openvpn/socket.c |  4 +-
 src/openvpn/ssl_verify.c |  6 +--
 src/openvpn/tls_crypt.c  |  2 +-
 src/openvpn/tun.c| 38 ++---
 tests/unit_tests/openvpn/test_argv.c | 43 ++-
 15 files changed, 124 insertions(+), 116 deletions(-)

diff --git a/src/openvpn/argv.c b/src/openvpn/argv.c
index fcf61ec5..4f7aa4e5 100644
--- a/src/openvpn/argv.c
+++ b/src/openvpn/argv.c
@@ -40,34 +40,6 @@
 #include "env_set.h"
 #include "options.h"
 
-static void
-argv_init(struct argv *a)
-{
-a->capacity = 0;
-a->argc = 0;
-a->argv = NULL;
-}
-
-struct argv
-argv_new(void)
-{
-struct argv ret;
-argv_init(&ret);
-return ret;
-}
-
-void
-argv_reset(struct argv *a)
-{
-size_t i;
-for (i = 0; i < a->argc; ++i)
-{
-free(a->argv[i]);
-}
-free(a->argv);
-argv_init(a);
-}
-
 static void
 argv_extend(struct argv *a, const size_t newcap)
 {
@@ -86,6 +58,46 @@ argv_extend(struct argv *a, const size_t newcap)
 }
 }
 
+static void
+argv_init(struct argv *a)
+{
+a->capacity = 0;
+a->argc = 0;
+a->argv = NULL;
+argv_extend(a, 8);
+}
+
+struct argv
+argv_new(void)
+{
+struct argv ret;
+argv_init(&ret);
+return ret;
+}
+
+void
+argv_free(struct argv *a)
+{
+size_t i;
+for (i = 0; i < a->argc; ++i)
+{
+free(a->argv[i]);
+}
+free(a->argv);
+}
+
+static void
+argv_reset(struct argv *a)
+{
+size_t i;
+for (i = 0; i < a->argc; ++i)
+{
+free(a->argv[i]);
+a->argv[i] = NULL;
+}
+a->argc = 0;
+}
+
 static void
 argv_grow(struct argv *a, const size_t add)
 {
@@ -133,14 +145,7 @@ argv_insert_head(const struct argv *a, const char *head)
 const char *
 argv_str(const struct argv *a, struct gc_arena *gc, const unsigned int flags)
 {
-if (a->argv)
-{
-return print_argv((const char **)a->argv, gc, flags);
-}
-else
-{
-return "";
-}
+return print_argv((const char **)a->argv, gc, flags);
 }
 
 void
@@ -221,8 +226,6 @@ argv_printf_arglist(struct argv *a, const char *format, 
va_list arglist)
 const char delim = 0x1D;  /* ASCII Group Separator (GS) */
 bool res = false;
 
-argv_extend(a, 1); /* ensure trailing NULL */
-
 /*
  * Prepare a format string which will be used by vsnprintf() later on.
  *
@@ -279,7 +282,6 @@ argv_printf_arglist(struct argv *a, const char *format, 
va_list arglist)
 {
 /* Someone snuck in a GS (0x1D), fail gracefully */
 argv_reset(a);
-argv_extend(a, 1); /* ensure trailing NULL */
 goto out;
 }
 res = true;
@@ -318,7 +320,6 @@ void
 argv_parse_cmd(struct argv *a, const char *s)
 {
 argv_reset(a);
-argv_extend(a, 1); /* ensure trailing NULL */
 
 struct gc_arena gc = gc_new();
 char *parms[MAX_PARMS + 1] = { 0 };
diff --git a/src/openvpn/argv.h b/src/openvpn/argv.h
index b9105a43..989cd297 100644
--- a/src/openvpn/argv.h
+++ b/src/openvpn/argv.h
@@ -40,7 +40,7 @@ struct argv {
 
 struct argv argv_new(void);
 
-void argv_reset(struct argv *a);
+void argv_free(struct argv *a);
 
 const char *argv_str(const struct argv *a, struct gc_arena *gc, const unsigned 
int flags);
 
diff --git a/src/openvpn/console_systemd.c b/src/openvpn/console_systemd.c
index 8d9e825b..c7cf1ada 100644
--- a/src/openvpn/console_systemd.c
+++ b/src/openvpn/console_systemd.c
@@ -85,7 +85,7 @@ get_console_input_systemd(const char *prompt, const bool 
echo, char *input, cons
 }
 close(std_out);
 
-argv_reset(&argv);
+argv_free(&argv);
 
 return ret;
 }
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 04207b61..db7d1216 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -164,7 +164,7 @@ run_up_down(const char *command,
 msg(M_FATAL, "ERROR: up/down plugin call failed");
 }
 
-argv_reset(&argv);
+argv_free(&argv);
 }
 
 if (command)
@@ -177,7 +177,7 @@ run_up_down(const char *command,
 ifconfig_lo

[Openvpn-devel] [PATCH 0/4] struct argv overhaul - Feb 2020 edition

[David Sommerseth]

Hi,

I've yet again rebased the last attempt of the struct argv overhaul
patches [1] to the latest public git master [2].

This rebase just needed a few minor changes to account for changes
with tls-crypt-v2 and sitnl patches now being included.  I've also
applied Arne's review comments  [3].

To simplify the review, I've also pushed these changes to my gitlab
account:

   https://gitlab.com/dazo/openvpn.git

Look at the dev/struct-argv-overhaul-2020.02 [4] branch for the proper
commits.

This patch-set supersedes the "struct argv overhaul - Oct 2019 edition"
patches [5]

[1] 

[2] git master commit 5822e52c6b0f86f9e4de946f9fb1374c6fad95f1
[3] Message-ID: 


[4] 
[5] 


--
kind regards,

David Sommerseth
OpenVPN Inc

---

David Sommerseth (1):
  Documented all the argv related code with minor refactoring

Heiko Hund (3):
  re-implement argv_printf_*()
  argv: do fewer memory re-allocations
  Add gc_arena to struct argv to save allocations

 src/openvpn/argv.c   | 541 +--
 src/openvpn/argv.h   |   7 +-
 src/openvpn/console_systemd.c|   2 +-
 src/openvpn/init.c   |  15 +-
 src/openvpn/lladdr.c |   2 +-
 src/openvpn/multi.c  |  10 +-
 src/openvpn/networking_iproute2.c|  23 +-
 src/openvpn/options.c|   2 +-
 src/openvpn/plugin.c |   2 +-
 src/openvpn/route.c  |  16 +-
 src/openvpn/socket.c |   4 +-
 src/openvpn/ssl_verify.c |   6 +-
 src/openvpn/tls_crypt.c  |   2 +-
 src/openvpn/tun.c|  62 +--
 tests/unit_tests/openvpn/test_argv.c | 118 +-
 15 files changed, 518 insertions(+), 294 deletions(-)

-- 
2.17.1



___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH 1/4] re-implement argv_printf_*()

[David Sommerseth]

From: Heiko Hund 

The previous implementation had the problem that it was not fully
compatible with printf() and could only detect % format directives
following a space character (0x20).

It modifies the format string and inserts marks to separate groups
before passing it to the regular printf in libc. The marks are
later used to separate the output string into individual command
line arguments.

The choice of 0x1D as the argument delimiter is based on the
assumption that no "regular" string passed to argv_printf_*() will
ever have to contain that byte (and the fact that it actually is
the ASCII "group separator" control character, which fits its
purpose).

This commit has been updated by David Sommerseth based on Arne
Schwabe and his own feedback on the mailing list.

Signed-off-by: Heiko Hund 
Signed-off-by: David Sommerseth 

---
v2 - Improved comments, to make it even clearer what is going on
   - Switched to C99 variable declaration, closer to where used
   - Swapped out adjust_power_of_2() length calculation in
 argv_printf_arglist() to len+1, which should be good enough.
---
 src/openvpn/argv.c   | 289 +--
 src/openvpn/argv.h   |   4 +-
 src/openvpn/route.c  |   8 +-
 src/openvpn/tun.c|  24 +--
 tests/unit_tests/openvpn/test_argv.c |  58 +-
 5 files changed, 206 insertions(+), 177 deletions(-)

diff --git a/src/openvpn/argv.c b/src/openvpn/argv.c
index 9100a196..fcf61ec5 100644
--- a/src/openvpn/argv.c
+++ b/src/openvpn/argv.c
@@ -105,16 +105,15 @@ static struct argv
 argv_clone(const struct argv *a, const size_t headroom)
 {
 struct argv r;
-size_t i;
-
 argv_init(&r);
-for (i = 0; i < headroom; ++i)
+
+for (size_t i = 0; i < headroom; ++i)
 {
 argv_append(&r, NULL);
 }
 if (a)
 {
-for (i = 0; i < a->argc; ++i)
+for (size_t i = 0; i < a->argc; ++i)
 {
 argv_append(&r, string_alloc(a->argv[i], NULL));
 }
@@ -131,64 +130,6 @@ argv_insert_head(const struct argv *a, const char *head)
 return r;
 }
 
-static char *
-argv_term(const char **f)
-{
-const char *p = *f;
-const char *term = NULL;
-size_t termlen = 0;
-
-if (*p == '\0')
-{
-return NULL;
-}
-
-while (true)
-{
-const int c = *p;
-if (c == '\0')
-{
-break;
-}
-if (term)
-{
-if (!isspace(c))
-{
-++termlen;
-}
-else
-{
-break;
-}
-}
-else
-{
-if (!isspace(c))
-{
-term = p;
-termlen = 1;
-}
-}
-++p;
-}
-*f = p;
-
-if (term)
-{
-char *ret;
-ASSERT(termlen > 0);
-ret = malloc(termlen + 1);
-check_malloc_return(ret);
-memcpy(ret, term, termlen);
-ret[termlen] = '\0';
-return ret;
-}
-else
-{
-return NULL;
-}
-}
-
 const char *
 argv_str(const struct argv *a, struct gc_arena *gc, const unsigned int flags)
 {
@@ -218,132 +159,170 @@ argv_msg_prefix(const int msglev, const struct argv *a, 
const char *prefix)
 gc_free(&gc);
 }
 
-static void
+
+/*
+ * argv_prep_format - prepare argv format string for further processing
+ *
+ * Individual argument must be separated by space. Ignores leading and 
trailing spaces.
+ * Consecutive spaces count as one. Returns prepared format string, with space 
replaced
+ * by delim and adds the number of arguments to the count parameter.
+ */
+static char *
+argv_prep_format(const char *format, const char delim, size_t *count, struct 
gc_arena *gc)
+{
+if (format == NULL)
+{
+return NULL;
+}
+
+bool in_token = false;
+char *f = gc_malloc(strlen(format) + 1, true, gc);
+for (int i = 0, j = 0; i < strlen(format); i++)
+{
+if (format[i] == ' ')
+{
+in_token = false;
+continue;
+}
+
+if (!in_token)
+{
+(*count)++;
+
+/*
+ * We don't add any delimiter to the output string if
+ * the string is empty; the resulting format string
+ * will never start with a delimiter.
+ */
+if (j > 0)  /* Has anything been written to the output string? */
+{
+f[j++] = delim;
+}
+}
+
+f[j++] = format[i];
+in_token = true;
+}
+
+return f;
+}
+
+/*
+ * argv_printf_arglist - create a struct argv from a format string
+ *
+ * Instead of parsing the format string ourselves place delimiters via 
argv_prep_format()
+ * before we let libc's printf() do the parsing. Then split the resulting 
string at the
+ * injected delimiters.
+ */
+static bool
 argv_printf_arglist(struct argv *a, const char *format, va_list argl

Re: [Openvpn-devel] [PATCH 1/2] Skip DNS address validation

[Domagoj Pensa]

Hi!

On Thu, Feb 06, 2020 at 09:58:37AM +, Simon Rozman wrote:
> Hi,
> 
> My thoughts exactly: as Lev pointed out:
> https://github.com/rozmansi/openvpn/commit/6b746cb0bf72a75e9963cc1a037c18cfb
> 856702a
> 
> Acked-by: Simon Rozman 
> 
> Domagoj, if it's not too much for you, maybe document the reason why DNS
> validation is so slow in the commit message. My wording went like this:
> 
> > DNS validation usually fails, as the pushed routes should be added first
> > to make DNS servers not part of the OpenVPN subnet reachable before
> > instructing Windows to use them.
> 
> Maybe Gert can update the commit message when applying?

Absolutely, Gert can add your additional description in the commit.

Regards,
Domagoj


___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH 1/2] Skip DNS address validation

[Simon Rozman]

Hi,

My thoughts exactly: as Lev pointed out:
https://github.com/rozmansi/openvpn/commit/6b746cb0bf72a75e9963cc1a037c18cfb
856702a

Acked-by: Simon Rozman 

Domagoj, if it's not too much for you, maybe document the reason why DNS
validation is so slow in the commit message. My wording went like this:

> DNS validation usually fails, as the pushed routes should be added first
> to make DNS servers not part of the OpenVPN subnet reachable before
> instructing Windows to use them.

Maybe Gert can update the commit message when applying?

One day somebody might revert that DNS validation back to default, as the
long-term shot would be to upgrade the OpenVPN to setup routes first, then
configure DNS servers.

But then there's ValdikSS with thousands of routes in his .ovpn setup...

Best regards,
Simon



smime.p7s
Description: S/MIME cryptographic signature
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel