Re: [Openvpn-devel] [PATCH] dns option: remove support for exclude-domains
On 28/02/2023 05:41, Heiko Hund wrote: No DNS resolver currently supports this and it is not possible to emulate the behavior without the chance of errors. Finding the effective default system DNS server(s) to specify the exclude DNS routes is not trivial and cannot be verified to be correct without resolver internal knowledge. So, it is better to not support this instead of supporting it, but incorrectly. Signed-off-by: Heiko Hund --- doc/man-sections/client-options.rst | 14 +- src/openvpn/dns.c | 13 ++--- src/openvpn/dns.h | 7 --- src/openvpn/options.c | 16 4 files changed, 7 insertions(+), 43 deletions(-) I've only glared at the code and quickly done a few compile tests. LGTM. Change itself also makes sense. Acked-By: David Sommerseth -- kind regards, David Sommerseth OpenVPN Inc ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [PATCH applied] Re: configure: improve FreeBSD DCO check
Acked-by: Gert Doering Thanks for spotting & fixing this, and apologies for still not having a FreeBSD 14 buildslave. Indeed, the existing configure.ac hard breaks my FreeBSD 14 setup (which I didn't look at for a while, "because it works")... checking for nvlist_create in -lnv... no configure: WARNING: Name/Value pair library not found. configure: error: DCO support can't be enabled (because "./configure --enable-dco" -> succeed or error out). With "enable DCO on auto", the existing code does checking for nvlist_create in -lnv... no configure: WARNING: Name/Value pair library not found. configure: WARNING: DCO support disabled and proceeds to build a binary with no DCO! With this patch applied, "no arguments" or "--enable-dco" both succeed... checking for net/if_ovpn.h... yes configure: Enabled ovpn-dco support for FreeBSD on earlier FreeBSD versions (7.4), it just disables DCO, and proceeds happily - as it should be. configure: WARNING: DCO header not found. configure: WARNING: DCO support disabled Your patch has been applied to the master and release/2.6 branch. commit 6f261673dee26ae8cfdf58f77038098d4f81d84a (master) commit 86fb085b6d2582916ef59b4bd8bd5e4a072964a3 (release/2.6) Author: Kristof Provost Date: Wed Mar 1 10:18:48 2023 +0100 configure: improve FreeBSD DCO check Signed-off-by: Kristof Provost Acked-by: Gert Doering Message-Id: <20230301091848.80760-1-kprov...@netgate.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26314.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [PATCH applied] Re: options.c: enforce a minimal fragment size
Acked-by: Gert Doering Straightforward :-) - and we really shouldn't divide by zero.. I have adjusted the message to read "--fragment ..." (with dashes), because that's what we seem to do in other option-related error messages. Your patch has been applied to the master and release/2.6 branch. commit 78e504210add19343e65f5c5b80be9ea6e9e95ab (master) commit b9a9de156bc3ad517bfc6d1042ad0ef0350b638e (release/2.6) Author: Kristof Provost Date: Wed Mar 1 10:18:51 2023 +0100 options.c: enforce a minimal fragment size Signed-off-by: Kristof Provost Acked-by: Gert Doering Message-Id: <20230301091851.82243-1-kprov...@netgate.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26313.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel