[Openvpn-devel] [L] Change in openvpn[master]: Remove openvpn_snprintf and similar functions
Attention is currently required from: flichtenheld, plaisthos. ordex has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/547?usp=email ) Change subject: Remove openvpn_snprintf and similar functions .. Patch Set 2: Code-Review+2 (4 comments) Patchset: PS2: closing some comments as they were commenting code that did not really change with this patch... The only remaining comment is about a comment in the UT which is a bit cryptic. Maybe that can be adjusted on the fly. Other than that, the code looks good to me <3 File src/openvpn/proxy.c: http://gerrit.openvpn.net/c/openvpn/+/547/comment/f78adfbf_ca231ac7 : PS2, Line 962: if (sret >= sizeof(buf)) > if this can truly happen, does it mean that the buffer is undersized compared > to the size of all var […] Done File src/openvpn/socks.c: http://gerrit.openvpn.net/c/openvpn/+/547/comment/0f6508ea_b21108c0 : PS2, Line 114: (int) strlen(creds.username), creds.username, > normally we don't put a paceb etween the cast and the variable name. […] Done http://gerrit.openvpn.net/c/openvpn/+/547/comment/b4ed3e45_e9af3876 : PS2, Line 116: ASSERT(sret <= sizeof(to_send)); > why ASSERT here while in other cases we just go to error or cleanup? Done -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/547?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I07096977e3b562bcb5d2c6f11673a4175b8e12ac Gerrit-Change-Number: 547 Gerrit-PatchSet: 2 Gerrit-Owner: plaisthos Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: ordex Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: flichtenheld Gerrit-Comment-Date: Mon, 08 Apr 2024 06:59:00 + Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Comment-In-Reply-To: ordex Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: crypto_backend: fix type of enc parameter
Attention is currently required from: flichtenheld, plaisthos. ordex has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/548?usp=email ) Change subject: crypto_backend: fix type of enc parameter .. Patch Set 3: (1 comment) File src/openvpn/crypto_mbedtls.c: http://gerrit.openvpn.net/c/openvpn/+/548/comment/c7af8f42_1c7d88cd : PS3, Line 569: const char *ciphername, crypto_operation_t enc) > Also, in practice it is a boolean. […] still dirty if you ask me, but it's a nit pick -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/548?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: If0dcdde30879fd6185efb2ad31399c1629c04d22 Gerrit-Change-Number: 548 Gerrit-PatchSet: 3 Gerrit-Owner: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-CC: ordex Gerrit-Attention: plaisthos Gerrit-Attention: flichtenheld Gerrit-Comment-Date: Wed, 27 Mar 2024 15:25:50 + Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: plaisthos Comment-In-Reply-To: flichtenheld Comment-In-Reply-To: ordex Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: crypto_backend: fix type of enc parameter
Attention is currently required from: flichtenheld, plaisthos. ordex has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/548?usp=email ) Change subject: crypto_backend: fix type of enc parameter .. Patch Set 3: (2 comments) Patchset: PS3: Thanks for introducing the typedef - this looks much cleaner, as Arne also suggested. However, I have a nit pick about the arg naming. File src/openvpn/crypto_mbedtls.c: http://gerrit.openvpn.net/c/openvpn/+/548/comment/f5ffc802_2b16c413 : PS3, Line 569: const char *ciphername, crypto_operation_t enc) may I argue that the name "operation" (or just "op") is more appropriate as this is not a bool (encrypt or not encrypt), but rather an enum being assigned some op? -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/548?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: If0dcdde30879fd6185efb2ad31399c1629c04d22 Gerrit-Change-Number: 548 Gerrit-PatchSet: 3 Gerrit-Owner: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-CC: ordex Gerrit-Attention: plaisthos Gerrit-Attention: flichtenheld Gerrit-Comment-Date: Wed, 27 Mar 2024 13:24:24 + Gerrit-HasComments: Yes Gerrit-Has-Labels: No Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [L] Change in openvpn[master]: Remove openvpn_snprintf and similar functions
Attention is currently required from: flichtenheld, plaisthos. ordex has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/547?usp=email ) Change subject: Remove openvpn_snprintf and similar functions .. Patch Set 2: (5 comments) Patchset: PS2: some nit picks below.. File src/openvpn/proxy.c: http://gerrit.openvpn.net/c/openvpn/+/547/comment/d2c89116_22dbc48e : PS2, Line 962: if (sret >= sizeof(buf)) if this can truly happen, does it mean that the buffer is undersized compared to the size of all variables we are putting together? Therefore, wouldn't it make more sense to extend the size of the buffer to ensure that no matter what we save in those variables, we will always be able to create the HTTP header? Or there is a limit with the HTTP header that we have to deal with? My concern is that we are not preventing people from filling those variables as they please, but we will then fail to put them together for no good reason. does it make sense? File src/openvpn/socks.c: http://gerrit.openvpn.net/c/openvpn/+/547/comment/8bdf0e3c_8356c931 : PS2, Line 114: (int) strlen(creds.username), creds.username, normally we don't put a paceb etween the cast and the variable name. This comments applies to all other casts below http://gerrit.openvpn.net/c/openvpn/+/547/comment/b417986e_a5f333df : PS2, Line 116: ASSERT(sret <= sizeof(to_send)); why ASSERT here while in other cases we just go to error or cleanup? File tests/unit_tests/openvpn/test_buffer.c: http://gerrit.openvpn.net/c/openvpn/+/547/comment/f8c8a505_dbfb9729 : PS2, Line 369: * for this unit test. We know that are doing this that are truncated I think there is some typ0 here. Maybe something like: "We know that results will be truncated and we actually want to test that". -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/547?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I07096977e3b562bcb5d2c6f11673a4175b8e12ac Gerrit-Change-Number: 547 Gerrit-PatchSet: 2 Gerrit-Owner: plaisthos Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: ordex Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: flichtenheld Gerrit-Comment-Date: Wed, 27 Mar 2024 10:48:48 + Gerrit-HasComments: Yes Gerrit-Has-Labels: No Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [L] Change in openvpn[master]: Remove openvpn_snprintf and similar functions
Attention is currently required from: flichtenheld, plaisthos. ordex has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/547?usp=email ) Change subject: Remove openvpn_snprintf and similar functions .. Patch Set 1: Code-Review+2 (1 comment) Patchset: PS1: as far as I understand we can't restore the broken behavior unless we specify that macro or we switch to __snprintf. Both can't happen accidentally, therefore it's not possible introduce the buggy behavior by mistake. In the worst case the code won't compile on old MS systems (pre-VS2015/VC14). -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/547?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I07096977e3b562bcb5d2c6f11673a4175b8e12ac Gerrit-Change-Number: 547 Gerrit-PatchSet: 1 Gerrit-Owner: plaisthos Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: ordex Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: flichtenheld Gerrit-Comment-Date: Mon, 25 Mar 2024 01:15:22 + Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [XS] Change in openvpn[master]: Add bracket in fingerprint message and do not warn about missing veri...
Attention is currently required from: flichtenheld, plaisthos. ordex has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/546?usp=email ) Change subject: Add bracket in fingerprint message and do not warn about missing verification .. Patch Set 1: (1 comment) File src/openvpn/init.c: http://gerrit.openvpn.net/c/openvpn/+/546/comment/07b8605a_ec110767 : PS1, Line 3598: && !(o->verify_hash_depth ==0 && o->verify_hash)) ==0 should be == 0 -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/546?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ia73d53002f4ba2658af18c17cce1b68f79de5781 Gerrit-Change-Number: 546 Gerrit-PatchSet: 1 Gerrit-Owner: plaisthos Gerrit-Reviewer: flichtenheld Gerrit-CC: openvpn-devel Gerrit-CC: ordex Gerrit-Attention: plaisthos Gerrit-Attention: flichtenheld Gerrit-Comment-Date: Fri, 22 Mar 2024 20:07:15 + Gerrit-HasComments: Yes Gerrit-Has-Labels: No Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [M] Change in openvpn[master]: samples: Update sample configurations
Attention is currently required from: flichtenheld, plaisthos. ordex has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/532?usp=email ) Change subject: samples: Update sample configurations .. Patch Set 2: Code-Review+2 -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/532?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I1a36651c0dea52259533ffc00bccb9b03bf82e26 Gerrit-Change-Number: 532 Gerrit-PatchSet: 2 Gerrit-Owner: flichtenheld Gerrit-Reviewer: ordex Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: flichtenheld Gerrit-Comment-Date: Mon, 04 Mar 2024 13:15:23 + Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [M] Change in openvpn[master]: samples: Remove tls-*.conf
Attention is currently required from: flichtenheld. ordex has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/531?usp=email ) Change subject: samples: Remove tls-*.conf .. Patch Set 1: Code-Review+2 -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/531?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I199541fea5a76c8edef7f67d2dbfc476987dc2f7 Gerrit-Change-Number: 531 Gerrit-PatchSet: 1 Gerrit-Owner: flichtenheld Gerrit-Reviewer: ordex Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-Attention: flichtenheld Gerrit-Comment-Date: Mon, 04 Mar 2024 13:13:23 + Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [M] Change in openvpn[master]: t_client.sh: Allow to skip tests
Attention is currently required from: flichtenheld, plaisthos. ordex has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/521?usp=email ) Change subject: t_client.sh: Allow to skip tests .. Patch Set 2: (3 comments) Patchset: PS2: Feature ACK. I like having the possibility to run tests only when needed/possible. File tests/t_client.sh.in: http://gerrit.openvpn.net/c/openvpn/+/521/comment/d0f81f67_ff0f5ae9 : PS2, Line 301: SKIP_ I am probably clueless about this, but where is $SKIP filled? File tests/unit_tests/openvpn/mock_msg.c: http://gerrit.openvpn.net/c/openvpn/+/521/comment/9ff035ac_ffa92d48 : PS2, Line 94: endif I wonder if mock_msg.c is the right place for assert_failed(). Maybe it should just be moved somewhere else. opinions? -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/521?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I13ea6752c8d102eabcc579e391828c05d5322899 Gerrit-Change-Number: 521 Gerrit-PatchSet: 2 Gerrit-Owner: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-CC: ordex Gerrit-Attention: plaisthos Gerrit-Attention: flichtenheld Gerrit-Comment-Date: Wed, 21 Feb 2024 09:16:03 + Gerrit-HasComments: Yes Gerrit-Has-Labels: No Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: Minor fix to process_ip_header
Attention is currently required from: flichtenheld, its_Giaan, plaisthos. ordex has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/525?usp=email ) Change subject: Minor fix to process_ip_header .. Patch Set 1: Code-Review-1 (1 comment) Patchset: PS1: As discussed on the mailing list with Gert, it makes more sense to simply drop the outern if() entirely as it doesn't save us much, while introduces unneded complexity. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/525?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I4b5e8357d872c920efdb64632e9bce72cebee202 Gerrit-Change-Number: 525 Gerrit-PatchSet: 1 Gerrit-Owner: its_Giaan Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: ordex Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: its_Giaan Gerrit-Attention: flichtenheld Gerrit-Comment-Date: Tue, 20 Feb 2024 09:24:39 + Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: Make it more explicit and visible when pkg-config is not found
Attention is currently required from: cron2, flichtenheld, plaisthos. ordex has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/465?usp=email ) Change subject: Make it more explicit and visible when pkg-config is not found .. Patch Set 5: Code-Review+2 -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/465?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Iebaa35a23e217a4cd7739af229cbfc08a3d8854a Gerrit-Change-Number: 465 Gerrit-PatchSet: 5 Gerrit-Owner: plaisthos Gerrit-Reviewer: cron2 Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: ordex Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: cron2 Gerrit-Attention: flichtenheld Gerrit-Comment-Date: Fri, 05 Jan 2024 13:51:23 + Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: Make it more explicit and visible when pkg-config is not found
Attention is currently required from: flichtenheld, plaisthos. ordex has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/465?usp=email ) Change subject: Make it more explicit and visible when pkg-config is not found .. Patch Set 3: Code-Review-1 (3 comments) Patchset: PS3: Other than the two comments I added in the code, the patch does what it says and it makes very straightforward understanding that pkg-config is now not installed. Tested a couple of cases on my lovely gentoo and it just worked. File configure.ac: http://gerrit.openvpn.net/c/openvpn/+/465/comment/a58bb3dc_c4b892a1 : PS3, Line 385: pkg_config_found="(not found)" am I wrong or there is some indentation havoc here? The line above uses 8blanks tab, but the lines before have 4 spaces indentation? I think we uses tabs everywhere else. http://gerrit.openvpn.net/c/openvpn/+/465/comment/5512845f_c09de864 : PS3, Line 387: pkg_config_found="(using ${PKG_CONFIG})" many error messages already contain 'using pkg-config', therefore the text above will lead to 'using using', which sounds weird. How about changing 'using' with 'path:'? -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/465?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Iebaa35a23e217a4cd7739af229cbfc08a3d8854a Gerrit-Change-Number: 465 Gerrit-PatchSet: 3 Gerrit-Owner: plaisthos Gerrit-Reviewer: cron2 Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: ordex Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: flichtenheld Gerrit-Comment-Date: Thu, 04 Jan 2024 23:17:56 + Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [M] Change in openvpn[master]: event/multi: add event_arg object to make event handling more generic
ordex has restored this change. ( http://gerrit.openvpn.net/c/openvpn/+/430?usp=email ) Change subject: event/multi: add event_arg object to make event handling more generic .. Restored -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/430?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: If11e901c26fc5aafdcfd59a214d70c6e6a548f40 Gerrit-Change-Number: 430 Gerrit-PatchSet: 1 Gerrit-Owner: ordex Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-MessageType: restore ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [M] Change in openvpn[master]: pass link_socket object to i/o functions
ordex has restored this change. ( http://gerrit.openvpn.net/c/openvpn/+/431?usp=email ) Change subject: pass link_socket object to i/o functions .. Restored -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/431?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Id2e06723003a78ee237f0542aa1ab0cb3734e37b Gerrit-Change-Number: 431 Gerrit-PatchSet: 1 Gerrit-Owner: ordex Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-MessageType: restore ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [L] Change in openvpn[master]: io_work: convert shift argument to uintptr_t
ordex has restored this change. ( http://gerrit.openvpn.net/c/openvpn/+/432?usp=email ) Change subject: io_work: convert shift argument to uintptr_t .. Restored -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/432?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Id5c50dc754837ddb9a9414d8f38982f75e99bace Gerrit-Change-Number: 432 Gerrit-PatchSet: 1 Gerrit-Owner: ordex Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-MessageType: restore ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: io_work: pass event_arg object to event handler in case of socket event
ordex has restored this change. ( http://gerrit.openvpn.net/c/openvpn/+/433?usp=email ) Change subject: io_work: pass event_arg object to event handler in case of socket event .. Restored -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/433?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I5899081c69bf1aa654d20e607fcdbd589140d474 Gerrit-Change-Number: 433 Gerrit-PatchSet: 1 Gerrit-Owner: ordex Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-MessageType: restore ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [L] Change in openvpn[master]: allow tcp/udp server to listen on multiple ports at the same time
ordex has restored this change. ( http://gerrit.openvpn.net/c/openvpn/+/434?usp=email ) Change subject: allow tcp/udp server to listen on multiple ports at the same time .. Restored -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/434?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ia0a889e800f0b36aed770ee36e31afeec5df6084 Gerrit-Change-Number: 434 Gerrit-PatchSet: 1 Gerrit-Owner: ordex Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-MessageType: restore ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: if a local IPv6 address is provided, socket must be v6-only
ordex has restored this change. ( http://gerrit.openvpn.net/c/openvpn/+/435?usp=email ) Change subject: if a local IPv6 address is provided, socket must be v6-only .. Restored -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/435?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I7a3349c7de4202b5eb2f576e3f8a82a9af6f7f31 Gerrit-Change-Number: 435 Gerrit-PatchSet: 1 Gerrit-Owner: ordex Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-MessageType: restore ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [M] Change in openvpn[master]: allow user to specify 'local' multiple times in config files
ordex has restored this change. ( http://gerrit.openvpn.net/c/openvpn/+/436?usp=email ) Change subject: allow user to specify 'local' multiple times in config files .. Restored -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/436?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I4d1c96662c5a8c750d883e3b20adde09529e2764 Gerrit-Change-Number: 436 Gerrit-PatchSet: 1 Gerrit-Owner: ordex Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-MessageType: restore ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: override ai_family if 'local' numeric address was specified
ordex has restored this change. ( http://gerrit.openvpn.net/c/openvpn/+/437?usp=email ) Change subject: override ai_family if 'local' numeric address was specified .. Restored -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/437?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I8c9ec61af9e786ec284e756ec3a77a959c79f49b Gerrit-Change-Number: 437 Gerrit-PatchSet: 1 Gerrit-Owner: ordex Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-MessageType: restore ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [L] Change in openvpn[master]: Bind to multiple ipv4/ipv6 addresses
ordex has restored this change. ( http://gerrit.openvpn.net/c/openvpn/+/438?usp=email ) Change subject: Bind to multiple ipv4/ipv6 addresses .. Restored -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/438?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ia122d5cdc42c2969eef6f32f438e30b52652721f Gerrit-Change-Number: 438 Gerrit-PatchSet: 1 Gerrit-Owner: ordex Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-MessageType: restore ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [M] Change in openvpn[master]: mroute: properly print protocol at the end of the string
ordex has restored this change. ( http://gerrit.openvpn.net/c/openvpn/+/439?usp=email ) Change subject: mroute: properly print protocol at the end of the string .. Restored -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/439?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I6688362d8461c112bf425ddfe488d511a64cc37e Gerrit-Change-Number: 439 Gerrit-PatchSet: 1 Gerrit-Owner: ordex Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-MessageType: restore ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [L] Change in openvpn[master]: Using the same wait function for both TCP and UDP
ordex has restored this change. ( http://gerrit.openvpn.net/c/openvpn/+/440?usp=email ) Change subject: Using the same wait function for both TCP and UDP .. Restored -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/440?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I81ec69d12abc9a661875c93c7f1bd97e525df55f Gerrit-Change-Number: 440 Gerrit-PatchSet: 1 Gerrit-Owner: ordex Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-MessageType: restore ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [XL] Change in openvpn[master]: multiproto: move generic event handling code in dedicated files
ordex has restored this change. ( http://gerrit.openvpn.net/c/openvpn/+/441?usp=email ) Change subject: multiproto: move generic event handling code in dedicated files .. Restored -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/441?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Id2d7957f5950115d9baade4c09fd9679b01f749b Gerrit-Change-Number: 441 Gerrit-PatchSet: 1 Gerrit-Owner: ordex Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-MessageType: restore ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [M] Change in openvpn[master]: pass link_socket object to i/o functions
ordex has abandoned this change. ( http://gerrit.openvpn.net/c/openvpn/+/431?usp=email ) Change subject: pass link_socket object to i/o functions .. Abandoned -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/431?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Id2e06723003a78ee237f0542aa1ab0cb3734e37b Gerrit-Change-Number: 431 Gerrit-PatchSet: 1 Gerrit-Owner: ordex Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-MessageType: abandon ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [M] Change in openvpn[master]: mroute: properly print protocol at the end of the string
ordex has abandoned this change. ( http://gerrit.openvpn.net/c/openvpn/+/439?usp=email ) Change subject: mroute: properly print protocol at the end of the string .. Abandoned -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/439?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I6688362d8461c112bf425ddfe488d511a64cc37e Gerrit-Change-Number: 439 Gerrit-PatchSet: 1 Gerrit-Owner: ordex Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-MessageType: abandon ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [M] Change in openvpn[master]: event/multi: add event_arg object to make event handling more generic
ordex has abandoned this change. ( http://gerrit.openvpn.net/c/openvpn/+/430?usp=email ) Change subject: event/multi: add event_arg object to make event handling more generic .. Abandoned -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/430?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: If11e901c26fc5aafdcfd59a214d70c6e6a548f40 Gerrit-Change-Number: 430 Gerrit-PatchSet: 1 Gerrit-Owner: ordex Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-MessageType: abandon ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [L] Change in openvpn[master]: Bind to multiple ipv4/ipv6 addresses
ordex has abandoned this change. ( http://gerrit.openvpn.net/c/openvpn/+/438?usp=email ) Change subject: Bind to multiple ipv4/ipv6 addresses .. Abandoned -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/438?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ia122d5cdc42c2969eef6f32f438e30b52652721f Gerrit-Change-Number: 438 Gerrit-PatchSet: 1 Gerrit-Owner: ordex Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-MessageType: abandon ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [L] Change in openvpn[master]: allow tcp/udp server to listen on multiple ports at the same time
ordex has abandoned this change. ( http://gerrit.openvpn.net/c/openvpn/+/434?usp=email ) Change subject: allow tcp/udp server to listen on multiple ports at the same time .. Abandoned -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/434?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ia0a889e800f0b36aed770ee36e31afeec5df6084 Gerrit-Change-Number: 434 Gerrit-PatchSet: 1 Gerrit-Owner: ordex Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-MessageType: abandon ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [M] Change in openvpn[master]: allow user to specify 'local' multiple times in config files
ordex has abandoned this change. ( http://gerrit.openvpn.net/c/openvpn/+/436?usp=email ) Change subject: allow user to specify 'local' multiple times in config files .. Abandoned -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/436?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I4d1c96662c5a8c750d883e3b20adde09529e2764 Gerrit-Change-Number: 436 Gerrit-PatchSet: 1 Gerrit-Owner: ordex Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-MessageType: abandon ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: io_work: pass event_arg object to event handler in case of socket event
ordex has abandoned this change. ( http://gerrit.openvpn.net/c/openvpn/+/433?usp=email ) Change subject: io_work: pass event_arg object to event handler in case of socket event .. Abandoned -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/433?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I5899081c69bf1aa654d20e607fcdbd589140d474 Gerrit-Change-Number: 433 Gerrit-PatchSet: 1 Gerrit-Owner: ordex Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-MessageType: abandon ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [L] Change in openvpn[master]: Using the same wait function for both TCP and UDP
ordex has abandoned this change. ( http://gerrit.openvpn.net/c/openvpn/+/440?usp=email ) Change subject: Using the same wait function for both TCP and UDP .. Abandoned -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/440?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I81ec69d12abc9a661875c93c7f1bd97e525df55f Gerrit-Change-Number: 440 Gerrit-PatchSet: 1 Gerrit-Owner: ordex Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-MessageType: abandon ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: if a local IPv6 address is provided, socket must be v6-only
ordex has abandoned this change. ( http://gerrit.openvpn.net/c/openvpn/+/435?usp=email ) Change subject: if a local IPv6 address is provided, socket must be v6-only .. Abandoned -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/435?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I7a3349c7de4202b5eb2f576e3f8a82a9af6f7f31 Gerrit-Change-Number: 435 Gerrit-PatchSet: 1 Gerrit-Owner: ordex Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-MessageType: abandon ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [L] Change in openvpn[master]: io_work: convert shift argument to uintptr_t
ordex has abandoned this change. ( http://gerrit.openvpn.net/c/openvpn/+/432?usp=email ) Change subject: io_work: convert shift argument to uintptr_t .. Abandoned -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/432?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Id5c50dc754837ddb9a9414d8f38982f75e99bace Gerrit-Change-Number: 432 Gerrit-PatchSet: 1 Gerrit-Owner: ordex Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-MessageType: abandon ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: override ai_family if 'local' numeric address was specified
ordex has abandoned this change. ( http://gerrit.openvpn.net/c/openvpn/+/437?usp=email ) Change subject: override ai_family if 'local' numeric address was specified .. Abandoned -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/437?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I8c9ec61af9e786ec284e756ec3a77a959c79f49b Gerrit-Change-Number: 437 Gerrit-PatchSet: 1 Gerrit-Owner: ordex Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-MessageType: abandon ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [XL] Change in openvpn[master]: multiproto: move generic event handling code in dedicated files
ordex has abandoned this change. ( http://gerrit.openvpn.net/c/openvpn/+/441?usp=email ) Change subject: multiproto: move generic event handling code in dedicated files .. Abandoned -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/441?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Id2d7957f5950115d9baade4c09fd9679b01f749b Gerrit-Change-Number: 441 Gerrit-PatchSet: 1 Gerrit-Owner: ordex Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-MessageType: abandon ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [L] Change in openvpn[master]: Bind to multiple ipv4/ipv6 addresses
Attention is currently required from: flichtenheld, plaisthos. Hello plaisthos, flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/438?usp=email to review the following change. Change subject: Bind to multiple ipv4/ipv6 addresses .. Bind to multiple ipv4/ipv6 addresses Enables the binding of multiple listen sockets based on the specified "--local" directives. The main server loop has been updated to handle both TCP and UDP connections. The hash function has also been modified to include the protocol during the creation of new client instances. Change-Id: Ia122d5cdc42c2969eef6f32f438e30b52652721f Signed-off-by: Gianmarco De Gregori --- M src/openvpn/forward.c M src/openvpn/forward.h M src/openvpn/init.c M src/openvpn/mroute.c M src/openvpn/mroute.h M src/openvpn/mtcp.c M src/openvpn/mtcp.h M src/openvpn/mudp.c M src/openvpn/mudp.h M src/openvpn/multi.c M src/openvpn/multi.h M src/openvpn/options.c M src/openvpn/options.h 13 files changed, 613 insertions(+), 116 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/38/438/1 diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 9a6dcd8..27415ee 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -1760,7 +1760,7 @@ if (c->options.shaper) { int overhead = datagram_overhead(c->c2.to_link_addr->dest.addr.sa.sa_family, - c->options.ce.proto); + ls->info.proto); shaper_wrote_bytes(>c2.shaper, BLEN(>c2.to_link) + overhead); } @@ -2050,6 +2050,250 @@ */ void +io_wait_dowork_udp(struct context *c, struct multi_tcp *mtcp, const unsigned int flags) +{ +unsigned int socket = 0; +unsigned int tuntap = 0; +struct event_set_return esr[4]; + +/* These shifts all depend on EVENT_READ and EVENT_WRITE */ +static uintptr_t socket_shift = 0; /* depends on SOCKET_READ and SOCKET_WRITE */ +static uintptr_t tun_shift = 2; /* depends on TUN_READ and TUN_WRITE */ +static uintptr_t err_shift = 4; /* depends on ES_ERROR */ +#ifdef ENABLE_MANAGEMENT +static uintptr_t management_shift = 6; /* depends on MANAGEMENT_READ and MANAGEMENT_WRITE */ +#endif +#ifdef ENABLE_ASYNC_PUSH +static int file_shift = FILE_SHIFT; +#endif +#if defined(TARGET_LINUX) || defined(TARGET_FREEBSD) +static int dco_shift = DCO_SHIFT;/* Event from DCO linux kernel module */ +#endif +int i; + +/* + * Decide what kind of events we want to wait for. + */ +/*c->c2.event_set = mtcp->es; */ +/*event_reset(mtcp->es); */ +/*event_reset(c->c2.event_set); */ + +/* + * On win32 we use the keyboard or an event object as a source + * of asynchronous signals. + */ +if (flags & IOW_WAIT_SIGNAL) +{ +wait_signal(mtcp->es, (void *)err_shift); +} + +/* + * If outgoing data (for TCP/UDP port) pending, wait for ready-to-send + * status from TCP/UDP port. Otherwise, wait for incoming data on + * TUN/TAP device. + */ +if (flags & IOW_TO_LINK) +{ +if (flags & IOW_SHAPER) +{ +/* + * If sending this packet would put us over our traffic shaping + * quota, don't send -- instead compute the delay we must wait + * until it will be OK to send the packet. + */ +int delay = 0; + +/* set traffic shaping delay in microseconds */ +if (c->options.shaper) +{ +delay = max_int(delay, shaper_delay(>c2.shaper)); +} + +if (delay < 1000) +{ +socket |= EVENT_WRITE; +} +else +{ +shaper_soonest_event(>c2.timeval, delay); +} +} +else +{ +socket |= EVENT_WRITE; +} +} +else if (!((flags & IOW_FRAG) && TO_LINK_FRAG(c))) +{ +if (flags & IOW_READ_TUN) +{ +tuntap |= EVENT_READ; +} +} + +/* + * If outgoing data (for TUN/TAP device) pending, wait for ready-to-send status + * from device. Otherwise, wait for incoming data on TCP/UDP port. + */ +if (flags & IOW_TO_TUN) +{ +tuntap |= EVENT_WRITE; +} +else +{ +if (flags & IOW_READ_LINK) +{ +socket |= EVENT_READ; +} +} + +/* + * outgoing bcast buffer waiting to be sent? + */ +if (flags & IOW_MBUF) +{ +socket |= EVENT_WRITE; +} + +/* + * Force wait on TUN input, even if also waiting on TCP/UDP output + */ +if (flags & IOW_READ_TUN_FORCE) +{ +tuntap |= EVENT_READ; +} + +#ifdef _WIN32 +if
[Openvpn-devel] [M] Change in openvpn[master]: allow user to specify 'local' multiple times in config files
Attention is currently required from: flichtenheld, plaisthos. Hello plaisthos, flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/436?usp=email to review the following change. Change subject: allow user to specify 'local' multiple times in config files .. allow user to specify 'local' multiple times in config files It is now possible to specify 'local' multiple times in a server config to let it listen on multiple sockets (address:port) of the same protocol. Change-Id: I4d1c96662c5a8c750d883e3b20adde09529e2764 Signed-off-by: Antonio Quartulli --- M src/openvpn/init.c M src/openvpn/options.c M src/openvpn/options.h M src/openvpn/socket.c 4 files changed, 171 insertions(+), 39 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/36/436/1 diff --git a/src/openvpn/init.c b/src/openvpn/init.c index f8dd01f..659c9e3 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -745,7 +745,7 @@ init_connection_list(c); -c->c1.link_sockets_num = 1; +c->c1.link_sockets_num = c->options.ce.local_list->len; do_link_socket_addr_new(c); @@ -3821,8 +3821,8 @@ /* init each socket with its specific port */ link_socket_init_phase1(c->c2.link_sockets[i], -c->options.ce.local, -c->options.ce.local_port, +c->options.ce.local_list->array[i]->local, +c->options.ce.local_list->array[i]->port, c->options.ce.remote, c->options.ce.remote_port, c->c1.dns_cache, @@ -3836,7 +3836,7 @@ #ifdef ENABLE_DEBUG c->options.gremlin, #endif -c->options.ce.bind_local, +c->options.ce.local_list->array[i]->bind_local, c->options.ce.remote_float, >c1.link_socket_addrs[i], c->options.ipchange, @@ -4978,6 +4978,7 @@ if (dest->mode == CM_CHILD_UDP) { ASSERT(!dest->c2.link_sockets); +ASSERT(dest->options.ce.local_list); /* inherit buffers */ dest->c2.buffers = src->c2.buffers; diff --git a/src/openvpn/options.c b/src/openvpn/options.c index b88fea9..9611423 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -124,7 +124,13 @@ "--version : Show copyright and version information.\n" "\n" "Tunnel Options:\n" -"--local host: Local host name or ip address. Implies --bind.\n" +"--local host|* [port] : Local host name or ip address and port. '*' can be used\n" +"as hostname and means 'any host' (openvpn will listen on\n" +"what is returned by the OS). Implies --bind.\n" +"0.0.0.0 or :: can be used to specifically open a socket\n" +"listening on any IPv4 or IPv6 address respectively.\n" +"The user can specify multiple --local entries to have\n" +"a server listen on multiple sockets at the same time.\n" "--remote host [port] : Remote host name or ip address.\n" "--remote-random : If multiple --remote options specified, choose one randomly.\n" "--remote-random-hostname : Add a random string to remote DNS name.\n" @@ -982,8 +988,9 @@ const int i) { setenv_str_i(es, "proto", proto2ascii(e->proto, e->af, false), i); -setenv_str_i(es, "local", e->local, i); -setenv_str_i(es, "local_port", e->local_port, i); +/* expected to befor single socket contexts only */ +setenv_str_i(es, "local", e->local_list->array[0]->local, i); +setenv_str_i(es, "local_port", e->local_list->array[0]->port, i); setenv_str_i(es, "remote", e->remote, i); setenv_str_i(es, "remote_port", e->remote_port, i); @@ -1701,8 +1708,12 @@ show_connection_entry(const struct connection_entry *o) { msg(D_SHOW_PARMS, " proto = %s", proto2ascii(o->proto, o->af, false)); -SHOW_STR(local); -SHOW_STR(local_port); +msg(D_SHOW_PARMS, " Local Sockets:"); +for (int i = 0; i < o->local_list->len; i++) +{ +msg(D_SHOW_PARMS, "[%s]:%s", o->local_list->array[i]->local, +o->local_list->array[i]->port); +} SHOW_STR(remote); SHOW_STR(remote_port); SHOW_BOOL(remote_float); @@ -2151,6 +2162,37 @@ #endif /* ifdef ENABLE_MANAGEMENT */ +static struct local_list * +alloc_local_list_if_undef(struct connection_entry *ce, struct gc_arena *gc) +{ +if (!ce->local_list) +{ +ALLOC_OBJ_CLEAR_GC(ce->local_list, struct local_list, gc); +} +return ce->local_list; +} + +static struct
[Openvpn-devel] [L] Change in openvpn[master]: io_work: convert shift argument to uintptr_t
Attention is currently required from: flichtenheld, plaisthos. Hello plaisthos, flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/432?usp=email to review the following change. Change subject: io_work: convert shift argument to uintptr_t .. io_work: convert shift argument to uintptr_t Instead of passing the shift argument as pointer, pass directly its integer value. This will allow the code to distinguish a shift value from a real object pointer, like we already do in multi_tcp_process_io(). This change will allow us later to pass an event_arg object as event handler argument instead of a simple integer value. Change-Id: Id5c50dc754837ddb9a9414d8f38982f75e99bace Signed-off-by: Antonio Quartulli --- M src/openvpn/forward.c M src/openvpn/mtcp.c M src/openvpn/ovpn_dco_linux.h M src/openvpn/ovpn_dco_win.h 4 files changed, 212 insertions(+), 213 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/32/432/1 diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 88d3fea..9cc5c6b 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -2046,14 +2046,12 @@ unsigned int tuntap = 0; struct event_set_return esr[4]; -/* These shifts all depend on EVENT_READ (=1) and EVENT_WRITE (=2) - * and are added to the shift. Check openvpn.h for more details. - */ -static int socket_shift = SOCKET_SHIFT; -static int tun_shift = TUN_SHIFT; -static int err_shift = ERR_SHIFT; +/* These shifts all depend on EVENT_READ and EVENT_WRITE */ +static uintptr_t socket_shift = 0; /* depends on SOCKET_READ and SOCKET_WRITE */ +static uintptr_t tun_shift = 2; /* depends on TUN_READ and TUN_WRITE */ +static uintptr_t err_shift = 4; /* depends on ES_ERROR */ #ifdef ENABLE_MANAGEMENT -static int management_shift = MANAGEMENT_SHIFT; +static uintptr_t management_shift = 6; /* depends on MANAGEMENT_READ and MANAGEMENT_WRITE */ #endif #ifdef ENABLE_ASYNC_PUSH static int file_shift = FILE_SHIFT; @@ -2073,7 +2071,7 @@ */ if (flags & IOW_WAIT_SIGNAL) { -wait_signal(c->c2.event_set, (void *)_shift); +wait_signal(c->c2.event_set, (void *)err_shift); } /* @@ -2167,7 +2165,7 @@ * Configure event wait based on socket, tuntap flags. */ socket_set(c->c2.link_socket, c->c2.event_set, socket, (void *)_shift, NULL); -tun_set(c->c1.tuntap, c->c2.event_set, tuntap, (void *)_shift, NULL); +tun_set(c->c1.tuntap, c->c2.event_set, tuntap, (void *)tun_shift, NULL); #if defined(TARGET_LINUX) || defined(TARGET_FREEBSD) if (socket & EVENT_READ && c->c2.did_open_tun) { @@ -2178,7 +2176,7 @@ #ifdef ENABLE_MANAGEMENT if (management) { -management_socket_set(management, c->c2.event_set, (void *)_shift, NULL); +management_socket_set(management, c->c2.event_set, (void *)management_shift, NULL); } #endif @@ -2229,7 +2227,7 @@ for (i = 0; i < status; ++i) { const struct event_set_return *e = [i]; -c->c2.event_set_status |= ((e->rwflags & 3) << *((int *)e->arg)); +c->c2.event_set_status |= ((e->rwflags & 3) << (uintptr_t)e->arg); } } else if (status == 0) diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c index b83bdca..de1d24f 100644 --- a/src/openvpn/mtcp.c +++ b/src/openvpn/mtcp.c @@ -720,6 +720,7 @@ multi_tcp_action(m, mi, TA_SOCKET_READ, false); } break; + /* new incoming TCP client attempting to connect? */ case EVENT_ARG_LINK_SOCKET: ASSERT(m->top.c2.link_socket); diff --git a/src/openvpn/ovpn_dco_linux.h b/src/openvpn/ovpn_dco_linux.h index 73e19b5..e62d2b4 100644 --- a/src/openvpn/ovpn_dco_linux.h +++ b/src/openvpn/ovpn_dco_linux.h @@ -4,8 +4,8 @@ * * Copyright (C) 2019-2023 OpenVPN, Inc. * - * Author:James Yonan - * Antonio Quartulli + * Author: James Yonan + * Antonio Quartulli */ #ifndef _UAPI_LINUX_OVPN_DCO_H_ @@ -19,238 +19,238 @@ * enum ovpn_nl_commands - supported netlink commands */ enum ovpn_nl_commands { - /** -* @OVPN_CMD_UNSPEC: unspecified command to catch errors -*/ - OVPN_CMD_UNSPEC = 0, +/** + * @OVPN_CMD_UNSPEC: unspecified command to catch errors + */ +OVPN_CMD_UNSPEC = 0, - /** -* @OVPN_CMD_NEW_PEER: Configure peer with its crypto keys -*/ - OVPN_CMD_NEW_PEER, +/** + * @OVPN_CMD_NEW_PEER: Configure peer with its crypto keys + */ +OVPN_CMD_NEW_PEER, - /** -* @OVPN_CMD_SET_PEER: Tweak parameters for an existing peer -*/ - OVPN_CMD_SET_PEER, +/** + *
[Openvpn-devel] [M] Change in openvpn[master]: mroute: properly print protocol at the end of the string
Attention is currently required from: flichtenheld, plaisthos. Hello plaisthos, flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/439?usp=email to review the following change. Change subject: mroute: properly print protocol at the end of the string .. mroute: properly print protocol at the end of the string mroute: substitute unused field with proto Rather than adding a new field 'proto', take advantage of the 'unused' field and rename it. Hashing will now start at the 'proto' field rather than 'type'. MULTI: ensure we've got the correct protocol with virtual addresses MULTI: ensure we've got the same value as protocol for vaddressed Change-Id: I6688362d8461c112bf425ddfe488d511a64cc37e Signed-off-by: Gianmarco De Gregori --- M src/openvpn/forward.c M src/openvpn/mroute.c M src/openvpn/mroute.h M src/openvpn/mtcp.c M src/openvpn/mudp.c M src/openvpn/multi.c M src/openvpn/ssl.c 7 files changed, 45 insertions(+), 29 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/39/439/1 diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 27415ee..63a684b 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -1114,13 +1114,16 @@ decrypt_status = openvpn_decrypt(>c2.buf, c->c2.buffers->decrypt_buf, co, >c2.frame, ad_start); -if (!decrypt_status -/* all sockets are of the same type, so just check the first one */ -&& link_socket_connection_oriented(c->c2.link_sockets[0])) +for (int i = 0; i < c->c1.link_sockets_num; i++) { -/* decryption errors are fatal in TCP mode */ -register_signal(c->sig, SIGUSR1, "decryption-error"); /* SOFT-SIGUSR1 -- decryption error in TCP mode */ -msg(D_STREAM_ERRORS, "Fatal decryption error (process_incoming_link), restarting"); +if (!decrypt_status +/* all sockets are of the same type, so just check the first one (not anymore!) */ +&& link_socket_connection_oriented(c->c2.link_sockets[i])) +{ +/* decryption errors are fatal in TCP mode */ +register_signal(c->sig, SIGUSR1, "decryption-error"); /* SOFT-SIGUSR1 -- decryption error in TCP mode */ +msg(D_STREAM_ERRORS, "Fatal decryption error (process_incoming_link), restarting"); +} } } else @@ -2239,6 +2242,7 @@ if (status > 0) { +/*printf("\nstatus: %d\n", status); */ int i; mtcp->event_set_status = 0; for (i = 0; i < status; ++i) @@ -2275,10 +2279,6 @@ mtcp->event_set_status = ES_TIMEOUT; } } -else -{ -mtcp->event_set_status = SOCKET_READ; -} } /* 'now' should always be a reasonably up-to-date timestamp */ diff --git a/src/openvpn/mroute.c b/src/openvpn/mroute.c index 0017a48..c72fe10 100644 --- a/src/openvpn/mroute.c +++ b/src/openvpn/mroute.c @@ -421,7 +421,6 @@ { buf_printf(, ":%d", ntohs(maddr.v4.port)); } -buf_printf(, ":%d", maddr.proto); } break; @@ -454,6 +453,7 @@ buf_printf(, "UNKNOWN"); break; } +buf_printf(, "|%d", maddr.proto); return BSTR(); } else diff --git a/src/openvpn/mroute.h b/src/openvpn/mroute.h index 7c8972f..4e6d32c 100644 --- a/src/openvpn/mroute.h +++ b/src/openvpn/mroute.h @@ -74,9 +74,8 @@ struct mroute_addr { uint8_t len;/* length of address */ -uint8_t unused; -uint8_t type; /* MR_ADDR/MR_WITH flags */ uint8_t proto; +uint8_t type; /* MR_ADDR/MR_WITH flags */ uint8_t netbits; /* number of bits in network part of address, * valid if MR_WITH_NETBITS is set */ union { @@ -231,7 +230,7 @@ mroute_addr_hash_ptr(const struct mroute_addr *a) { /* NOTE: depends on ordering of struct mroute_addr */ -return (uint8_t *) >type; +return (uint8_t *) >proto; } static inline uint32_t diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c index d4ce642..ba0905e 100644 --- a/src/openvpn/mtcp.c +++ b/src/openvpn/mtcp.c @@ -109,7 +109,7 @@ mi = multi_create_instance(m, NULL, ls); if (mi && !proto_is_dgram(ls->info.proto)) { -printf("\nTCP add\n"); +mi->real.proto = ls->info.proto; struct hash_element *he; const uint32_t hv = hash_value(hash, >real); struct hash_bucket *bucket = hash_bucket(hash, hv); @@ -746,22 +746,26 @@ ev_arg->u.ls); } } -multi_get_timeout(m,
[Openvpn-devel] [L] Change in openvpn[master]: Using the same wait function for both TCP and UDP
Attention is currently required from: flichtenheld, plaisthos. Hello plaisthos, flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/440?usp=email to review the following change. Change subject: Using the same wait function for both TCP and UDP .. Using the same wait function for both TCP and UDP FORWARD: added a new function to collect UDP flags. MTCP: the mtcp structure has been modified to carry around those flags. The second wait function (in UDP case) has been removed. MULTI: properly remove TCP instances by checking the multi_instance protocol instead of the global one. TLS: set the tls_option xmit_hold bool value to true only in case of TCP child instance to avoid checking the global protocol value. INIT: initialize the c->c2.event_set in the inherit_context_top() by default and not only in case of UDP since we could have multiple different sockets. Change-Id: I81ec69d12abc9a661875c93c7f1bd97e525df55f Signed-off-by: Gianmarco De Gregori --- M src/openvpn/forward.c M src/openvpn/forward.h M src/openvpn/init.c M src/openvpn/mtcp.c M src/openvpn/mtcp.h M src/openvpn/mudp.c M src/openvpn/multi.c M src/openvpn/options.c M src/openvpn/options.h 9 files changed, 177 insertions(+), 244 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/40/440/1 diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 63a684b..ee18f8b 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -2053,48 +2053,20 @@ */ void -io_wait_dowork_udp(struct context *c, struct multi_tcp *mtcp, const unsigned int flags) +get_io_flags_dowork_udp(struct context *c, struct multi_tcp *mtcp, const unsigned int flags) { unsigned int socket = 0; unsigned int tuntap = 0; -struct event_set_return esr[4]; - -/* These shifts all depend on EVENT_READ and EVENT_WRITE */ -static uintptr_t socket_shift = 0; /* depends on SOCKET_READ and SOCKET_WRITE */ -static uintptr_t tun_shift = 2; /* depends on TUN_READ and TUN_WRITE */ -static uintptr_t err_shift = 4; /* depends on ES_ERROR */ -#ifdef ENABLE_MANAGEMENT -static uintptr_t management_shift = 6; /* depends on MANAGEMENT_READ and MANAGEMENT_WRITE */ -#endif -#ifdef ENABLE_ASYNC_PUSH -static int file_shift = FILE_SHIFT; -#endif -#if defined(TARGET_LINUX) || defined(TARGET_FREEBSD) -static int dco_shift = DCO_SHIFT;/* Event from DCO linux kernel module */ -#endif -int i; +static uintptr_t err_shift = 4; /* - * Decide what kind of events we want to wait for. - */ -/*c->c2.event_set = mtcp->es; */ -/*event_reset(mtcp->es); */ -/*event_reset(c->c2.event_set); */ - -/* - * On win32 we use the keyboard or an event object as a source - * of asynchronous signals. + * Calculate the flags based on the provided 'flags' argument. */ if (flags & IOW_WAIT_SIGNAL) { wait_signal(mtcp->es, (void *)err_shift); } -/* - * If outgoing data (for TCP/UDP port) pending, wait for ready-to-send - * status from TCP/UDP port. Otherwise, wait for incoming data on - * TUN/TAP device. - */ if (flags & IOW_TO_LINK) { if (flags & IOW_SHAPER) @@ -2180,117 +2152,68 @@ /* * Configure event wait based on socket, tuntap flags. */ -for (i = 0; i < c->c1.link_sockets_num; i++) +for (int i = 0; i < c->c1.link_sockets_num; i++) { -socket_set(c->c2.link_sockets[i], mtcp->es, socket, - >c2.link_sockets[i]->ev_arg, NULL); -} -tun_set(c->c1.tuntap, c->c2.event_set, tuntap, (void *)tun_shift, NULL); -#if defined(TARGET_LINUX) || defined(TARGET_FREEBSD) -if (socket & EVENT_READ && c->c2.did_open_tun) -{ -dco_event_set(>c1.tuntap->dco, mtcp->es, (void *)_shift); -} -#endif - -#ifdef ENABLE_MANAGEMENT -if (management) -{ -management_socket_set(management, mtcp->es, (void *)management_shift, NULL); -} -#endif - -#ifdef ENABLE_ASYNC_PUSH -/* arm inotify watcher */ -if (c->options.mode == MODE_SERVER) -{ -event_ctl(mtcp->es, c->c2.inotify_fd, EVENT_READ, (void *)_shift); -} -#endif - -/* - * Possible scenarios: - * (1) tcp/udp port has data available to read - * (2) tcp/udp port is ready to accept more data to write - * (3) tun dev has data available to read - * (4) tun dev is ready to accept more data to write - * (5) we received a signal (handler sets signal_received) - * (6) timeout (tv) expired - */ - -mtcp->event_set_status = ES_ERROR; - -if (!c->sig->signal_received) -{ -if (!(flags & IOW_CHECK_RESIDUAL) || !sockets_read_residual(c)) +if (proto_is_dgram(c->c2.link_sockets[i]->info.proto)) { -int status; - -#ifdef ENABLE_DEBUG -
[Openvpn-devel] [M] Change in openvpn[master]: pass link_socket object to i/o functions
Attention is currently required from: flichtenheld, plaisthos. Hello plaisthos, flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/431?usp=email to review the following change. Change subject: pass link_socket object to i/o functions .. pass link_socket object to i/o functions In order to prepare the code to work with distinct sockets, it is essential that i/o functions do not operate on any hard-coded socket object (i.e. c->c2.link_socket). This patch changes all the low-level i/o functionis to work with a socket specified as argument rather than a fixed one. Change-Id: Id2e06723003a78ee237f0542aa1ab0cb3734e37b Signed-off-by: Antonio Quartulli --- M src/openvpn/event.h M src/openvpn/forward.c M src/openvpn/forward.h M src/openvpn/mtcp.c M src/openvpn/mudp.c M src/openvpn/multi.h M src/openvpn/openvpn.c M src/openvpn/socket.c 8 files changed, 44 insertions(+), 36 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/31/431/1 diff --git a/src/openvpn/event.h b/src/openvpn/event.h index 23a6799..0b1f63d 100644 --- a/src/openvpn/event.h +++ b/src/openvpn/event.h @@ -137,6 +137,7 @@ event_arg_t type; union { struct multi_instance *mi; /* if type = EVENT_ARG_MULTI_INSTANCE */ +struct link_socket *ls; /* if type = EVENT_ARG_LINK_SOCKET */ } u; }; diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 0443ca0..88d3fea 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -868,9 +868,9 @@ */ static inline void -socks_postprocess_incoming_link(struct context *c) +socks_postprocess_incoming_link(struct context *c, struct link_socket *ls) { -if (c->c2.link_socket->socks_proxy && c->c2.link_socket->info.proto == PROTO_UDP) +if (ls->socks_proxy && ls->info.proto == PROTO_UDP) { socks_process_incoming_udp(>c2.buf, >c2.from); } @@ -878,13 +878,14 @@ static inline void socks_preprocess_outgoing_link(struct context *c, + struct link_socket *ls, struct link_socket_actual **to_addr, int *size_delta) { -if (c->c2.link_socket->socks_proxy && c->c2.link_socket->info.proto == PROTO_UDP) +if (ls->socks_proxy && ls->info.proto == PROTO_UDP) { *size_delta += socks_process_outgoing_udp(>c2.to_link, c->c2.to_link_addr); -*to_addr = >c2.link_socket->socks_relay; +*to_addr = >socks_relay; } } @@ -909,7 +910,7 @@ */ void -read_incoming_link(struct context *c) +read_incoming_link(struct context *c, struct link_socket *ls) { /* * Set up for recvfrom call to read datagram @@ -924,17 +925,17 @@ c->c2.buf = c->c2.buffers->read_link_buf; ASSERT(buf_init(>c2.buf, c->c2.frame.buf.headroom)); -status = link_socket_read(c->c2.link_socket, +status = link_socket_read(ls, >c2.buf, >c2.from); -if (socket_connection_reset(c->c2.link_socket, status)) +if (socket_connection_reset(ls, status)) { #if PORT_SHARE -if (port_share && socket_foreign_protocol_detected(c->c2.link_socket)) +if (port_share && socket_foreign_protocol_detected(ls)) { -const struct buffer *fbuf = socket_foreign_protocol_head(c->c2.link_socket); -const int sd = socket_foreign_protocol_sd(c->c2.link_socket); +const struct buffer *fbuf = socket_foreign_protocol_head(ls); +const int sd = socket_foreign_protocol_sd(ls); port_share_redirect(port_share, fbuf, sd); register_signal(c->sig, SIGTERM, "port-share-redirect"); } @@ -961,7 +962,7 @@ bool dco_win_timeout = tuntap_is_dco_win_timeout(c->c1.tuntap, status); /* check recvfrom status */ -check_status(status, "read", c->c2.link_socket, NULL); +check_status(status, "read", ls, NULL); if (dco_win_timeout) { @@ -969,7 +970,7 @@ } /* Remove socks header if applicable */ -socks_postprocess_incoming_link(c); +socks_postprocess_incoming_link(c, ls); perf_pop(); } @@ -1206,11 +1207,11 @@ } static void -process_incoming_link(struct context *c) +process_incoming_link(struct context *c, struct link_socket *ls) { perf_push(PERF_PROC_IN_LINK); -struct link_socket_info *lsi = get_link_socket_info(c); +struct link_socket_info *lsi = >info; const uint8_t *orig_buf = c->c2.buf.data; process_incoming_link_part1(c, lsi, false); @@ -1720,7 +1721,7 @@ */ void -process_outgoing_link(struct context *c) +process_outgoing_link(struct context *c, struct link_socket *ls) { struct gc_arena gc = gc_new(); int error_code = 0; @@ -1763,7 +1764,7 @@ #if PASSTOS_CAPABILITY /* Set TOS */ -link_socket_set_tos(c->c2.link_socket); +
[Openvpn-devel] [M] Change in openvpn[master]: event/multi: add event_arg object to make event handling more generic
Attention is currently required from: flichtenheld, plaisthos. Hello plaisthos, flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/430?usp=email to review the following change. Change subject: event/multi: add event_arg object to make event handling more generic .. event/multi: add event_arg object to make event handling more generic In order to prepare the event handling code to deal with multiple listening sockets, we have to make sure that it is possible to distinguish which of these sockets have been pocked by an incoming connection request. To achieve that, this patch changes the object being passed as event handler argument, from a "partly integer evaluated variable" to a full struct with a proper type attribute. This struct will allow the code to carry around the particular listening socket where the connection is being established. This change affects the TCP server code path only as UDP servers use only one socket to handle all clients i/o. Change-Id: If11e901c26fc5aafdcfd59a214d70c6e6a548f40 Signed-off-by: Antonio Quartulli --- M src/openvpn/event.h M src/openvpn/mtcp.c M src/openvpn/multi.c M src/openvpn/multi.h M src/openvpn/socket.c M src/openvpn/socket.h 6 files changed, 58 insertions(+), 13 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/30/430/1 diff --git a/src/openvpn/event.h b/src/openvpn/event.h index 6282873..23a6799 100644 --- a/src/openvpn/event.h +++ b/src/openvpn/event.h @@ -126,6 +126,20 @@ struct event_set_functions func; }; +typedef enum { +EVENT_ARG_MULTI_INSTANCE = 0, +EVENT_ARG_LINK_SOCKET, +} event_arg_t; + +/* generic event argument object to pass to event_ctl() */ +struct event_arg +{ +event_arg_t type; +union { +struct multi_instance *mi; /* if type = EVENT_ARG_MULTI_INSTANCE */ +} u; +}; + /* * maxevents on input: desired max number of event_t descriptors * simultaneously set with event_ctl diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c index 62eb14b..9d383af 100644 --- a/src/openvpn/mtcp.c +++ b/src/openvpn/mtcp.c @@ -253,7 +253,7 @@ socket_set(mi->context.c2.link_socket, m->mtcp->es, mbuf_defined(mi->tcp_link_out_deferred) ? EVENT_WRITE : EVENT_READ, - mi, + >ev_arg, >tcp_rwflags); } } @@ -264,7 +264,8 @@ { int status; unsigned int *persistent = >tun_rwflags; -socket_set_listen_persistent(c->c2.link_socket, mtcp->es, MTCP_SOCKET); +socket_set_listen_persistent(c->c2.link_socket, mtcp->es, + >c2.link_socket->ev_arg); #ifdef _WIN32 if (tuntap_is_wintun(c->c1.tuntap)) @@ -692,21 +693,43 @@ for (i = 0; i < mtcp->n_esr; ++i) { struct event_set_return *e = >esr[i]; +struct event_arg *ev_arg = (struct event_arg *)e->arg; -/* incoming data for instance? */ +/* incoming data for instance or listening socket? */ if (e->arg >= MTCP_N) { -struct multi_instance *mi = (struct multi_instance *) e->arg; -if (mi) +switch (ev_arg->type) { -if (e->rwflags & EVENT_WRITE) -{ -multi_tcp_action(m, mi, TA_SOCKET_WRITE_READY, false); -} -else if (e->rwflags & EVENT_READ) -{ -multi_tcp_action(m, mi, TA_SOCKET_READ, false); -} +struct multi_instance *mi; + +/* react to event on child instance */ +case EVENT_ARG_MULTI_INSTANCE: +if (!ev_arg->u.mi) +{ +msg(D_MULTI_ERRORS, "MULTI: mtcp_proc_io: null minstance"); +break; +} + +mi = ev_arg->u.mi; +if (e->rwflags & EVENT_WRITE) +{ +multi_tcp_action(m, mi, TA_SOCKET_WRITE_READY, false); +} +else if (e->rwflags & EVENT_READ) +{ +multi_tcp_action(m, mi, TA_SOCKET_READ, false); +} +break; +/* new incoming TCP client attempting to connect? */ +case EVENT_ARG_LINK_SOCKET: +ASSERT(m->top.c2.link_socket); +socket_reset_listen_persistent(m->top.c2.link_socket); +mi = multi_create_instance_tcp(m); +if (mi) +{ +multi_tcp_action(m, mi, TA_INITIAL, false); +} +break; } } else diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index
[Openvpn-devel] [S] Change in openvpn[master]: if a local IPv6 address is provided, socket must be v6-only
Attention is currently required from: flichtenheld, plaisthos. Hello plaisthos, flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/435?usp=email to review the following change. Change subject: if a local IPv6 address is provided, socket must be v6-only .. if a local IPv6 address is provided, socket must be v6-only Change-Id: I7a3349c7de4202b5eb2f576e3f8a82a9af6f7f31 Signed-off-by: Antonio Quartulli --- M src/openvpn/socket.c 1 file changed, 8 insertions(+), 2 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/35/435/1 diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index f2bd624..17bd263 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -1108,9 +1108,15 @@ } else { +bool v6only = sock->info.bind_ipv6_only; + +/* force binding IPv6-only if an address was specified + * an it is a IPv6 */ +if (sock->local_host && ai_family == AF_INET6) +v6only = true; + socket_bind(sock->sd, sock->info.lsa->bind_local, -ai_family, -"TCP/UDP", sock->info.bind_ipv6_only); +ai_family, "TCP/UDP", v6only); } } } -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/435?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I7a3349c7de4202b5eb2f576e3f8a82a9af6f7f31 Gerrit-Change-Number: 435 Gerrit-PatchSet: 1 Gerrit-Owner: ordex Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: flichtenheld Gerrit-MessageType: newchange ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: override ai_family if 'local' numeric address was specified
Attention is currently required from: flichtenheld, plaisthos. Hello plaisthos, flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/437?usp=email to review the following change. Change subject: override ai_family if 'local' numeric address was specified .. override ai_family if 'local' numeric address was specified This change ensures that when a numeric IP address is specified as argument to a 'local' directive, its ai_family overrides the one extracted from the 'proto' config option. Change-Id: I8c9ec61af9e786ec284e756ec3a77a959c79f49b Signed-off-by: Antonio Quartulli --- M src/openvpn/socket.c 1 file changed, 11 insertions(+), 2 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/37/437/1 diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index 5d9e111..ffd8daf 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -489,9 +489,8 @@ sig_info = } -/* try numeric ipv6 addr first */ +/* try numeric ip addr first */ CLEAR(hints); -hints.ai_family = ai_family; hints.ai_flags = AI_NUMERICHOST; if (flags & GETADDR_PASSIVE) @@ -519,6 +518,10 @@ const char *fmt; int level = 0; +/* this is not a numeric IP, therefore force resolution using the + * provided ai_family */ +hints.ai_family = ai_family; + if (hostname && (flags & GETADDR_RANDOMIZE)) { hostname = hostname_randomize(hostname, ); @@ -1120,7 +1123,9 @@ /* force binding IPv6-only if an address was specified * an it is a IPv6 */ if (sock->local_host && ai_family == AF_INET6) +{ v6only = true; +} socket_bind(sock->sd, sock->info.lsa->bind_local, ai_family, "TCP/UDP", v6only); @@ -1712,6 +1717,10 @@ sock->local_host, sock->local_port, gai_strerror(status)); } + +/* the resolved 'local entry' might have a different family than what + * was globally configured */ +sock->info.af = sock->info.lsa->bind_local->ai_family; } gc_free(); -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/437?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I8c9ec61af9e786ec284e756ec3a77a959c79f49b Gerrit-Change-Number: 437 Gerrit-PatchSet: 1 Gerrit-Owner: ordex Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: flichtenheld Gerrit-MessageType: newchange ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: io_work: pass event_arg object to event handler in case of socket event
Attention is currently required from: flichtenheld, plaisthos. Hello plaisthos, flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/433?usp=email to review the following change. Change subject: io_work: pass event_arg object to event handler in case of socket event .. io_work: pass event_arg object to event handler in case of socket event In order to allow the code to work with multiple listening sockets it is essential to allow the generic multi_io event handler to distinguish between the various socket objects. This can be achieved by passing an event_arg object that contains a pointer to the link_socket. This code path is used on clients as well as UDP servers. Change-Id: I5899081c69bf1aa654d20e607fcdbd589140d474 Signed-off-by: Antonio Quartulli --- M src/openvpn/event.h M src/openvpn/forward.c M src/openvpn/mtcp.c 3 files changed, 30 insertions(+), 5 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/33/433/1 diff --git a/src/openvpn/event.h b/src/openvpn/event.h index 0b1f63d..f04318f 100644 --- a/src/openvpn/event.h +++ b/src/openvpn/event.h @@ -82,6 +82,12 @@ #define EVENT_METHOD_US_TIMEOUT (1<<0) #define EVENT_METHOD_FAST (1<<1) +/* + * The following constant is used as boundary between integer value + * and real addresses when passing arguments to event handlers as (void *) + */ +#define MULTI_N ((void *)16) /* upper bound on MTCP_x */ + #ifdef _WIN32 typedef const struct rw_handle *event_t; diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 9cc5c6b..9700c6c 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -2164,7 +2164,8 @@ /* * Configure event wait based on socket, tuntap flags. */ -socket_set(c->c2.link_socket, c->c2.event_set, socket, (void *)_shift, NULL); +socket_set(c->c2.link_socket, c->c2.event_set, socket, + >c2.link_socket->ev_arg, NULL); tun_set(c->c1.tuntap, c->c2.event_set, tuntap, (void *)tun_shift, NULL); #if defined(TARGET_LINUX) || defined(TARGET_FREEBSD) if (socket & EVENT_READ && c->c2.did_open_tun) @@ -2227,7 +2228,27 @@ for (i = 0; i < status; ++i) { const struct event_set_return *e = [i]; -c->c2.event_set_status |= ((e->rwflags & 3) << (uintptr_t)e->arg); +uintptr_t shift; + +if (e->arg >= MULTI_N) +{ +struct event_arg *ev_arg = (struct event_arg *)e->arg; +if (ev_arg->type != EVENT_ARG_LINK_SOCKET) +{ +c->c2.event_set_status = ES_ERROR; +msg(D_LINK_ERRORS, +"io_work: non socket event delivered"); +return; +} + +shift = socket_shift; +} +else +{ +shift = (uintptr_t)e->arg; +} + +c->c2.event_set_status |= ((e->rwflags & 3) << shift); } } else if (status == 0) diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c index de1d24f..3772acf 100644 --- a/src/openvpn/mtcp.c +++ b/src/openvpn/mtcp.c @@ -61,8 +61,6 @@ #define MTCP_FILE_CLOSE_WRITE ((void *)5) #define MTCP_DCO((void *)6) -#define MTCP_N ((void *)16) /* upper bound on MTCP_x */ - struct ta_iow_flags { unsigned int flags; @@ -696,7 +694,7 @@ struct event_arg *ev_arg = (struct event_arg *)e->arg; /* incoming data for instance or listening socket? */ -if (e->arg >= MTCP_N) +if (e->arg >= MULTI_N) { switch (ev_arg->type) { -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/433?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I5899081c69bf1aa654d20e607fcdbd589140d474 Gerrit-Change-Number: 433 Gerrit-PatchSet: 1 Gerrit-Owner: ordex Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: flichtenheld Gerrit-MessageType: newchange ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: Do not check key_state buffers that are in S_UNDEF state
Attention is currently required from: flichtenheld, plaisthos. ordex has uploaded a new patch set (#2) to the change originally created by plaisthos. ( http://gerrit.openvpn.net/c/openvpn/+/426?usp=email ) Change subject: Do not check key_state buffers that are in S_UNDEF state .. Do not check key_state buffers that are in S_UNDEF state When a key_state is in S_UNDEF the send_reliable is not initialised. So checking it might access invalid memory or null pointers. Change-Id: I226a73d47a2b1b29f7ec175ce23a806593abc2ac [a...@unstable.cc: add check for !send_reliable and message] Signed-off-by: Arne Schwabe --- M src/openvpn/ssl.c 1 file changed, 16 insertions(+), 0 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/26/426/2 diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index cee4afe..b4cd8f5 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -3189,6 +3189,22 @@ for (int i = 0; i < KS_SIZE; i++) { struct key_state *ks = >key[i]; +if (ks->state == S_UNDEF) +{ +continue; +} + +/* we don't expect send_reliable to be NULL when state is + * not S_UNDEF, but people have reported crashes nonetheless, + * therefore we better catch this event, report and exit. + */ +if (!ks->send_reliable) +{ +msg(M_FATAL, "ERROR: session->key[%d]->send_reliable is NULL " +"while key state is %s. Exiting.", +i, state_name(ks->state)); +} + for (int j = 0; j < ks->send_reliable->size; j++) { if (ks->send_reliable->array[i].buf.data == dataptr) -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/426?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I226a73d47a2b1b29f7ec175ce23a806593abc2ac Gerrit-Change-Number: 426 Gerrit-PatchSet: 2 Gerrit-Owner: plaisthos Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: ordex Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: flichtenheld Gerrit-MessageType: newpatchset ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [XS] Change in openvpn[master]: Do not check key_state buffers that are in S_UNDEF state
Attention is currently required from: flichtenheld, plaisthos. ordex has removed a vote from this change. ( http://gerrit.openvpn.net/c/openvpn/+/426?usp=email ) Change subject: Do not check key_state buffers that are in S_UNDEF state .. Removed Code-Review+2 by ordex -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/426?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I226a73d47a2b1b29f7ec175ce23a806593abc2ac Gerrit-Change-Number: 426 Gerrit-PatchSet: 1 Gerrit-Owner: plaisthos Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: ordex Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: flichtenheld Gerrit-MessageType: deleteVote ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [XS] Change in openvpn[master]: Do not check key_state buffers that are in S_UNDEF state
Attention is currently required from: flichtenheld, plaisthos. ordex has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/426?usp=email ) Change subject: Do not check key_state buffers that are in S_UNDEF state .. Patch Set 1: Code-Review+2 -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/426?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I226a73d47a2b1b29f7ec175ce23a806593abc2ac Gerrit-Change-Number: 426 Gerrit-PatchSet: 1 Gerrit-Owner: plaisthos Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: ordex Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: flichtenheld Gerrit-Comment-Date: Wed, 15 Nov 2023 09:47:11 + Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [XS] Change in openvpn[release/2.6]: buffer: use memcpy in buf_catrunc
Attention is currently required from: flichtenheld. ordex has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/314?usp=email ) Change subject: buffer: use memcpy in buf_catrunc .. Patch Set 1: Code-Review+2 -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/314?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: release/2.6 Gerrit-Change-Id: If4a67adac4d2e870fd719b58075d39efcd67c671 Gerrit-Change-Number: 314 Gerrit-PatchSet: 1 Gerrit-Owner: flichtenheld Gerrit-Reviewer: ordex Gerrit-CC: openvpn-devel Gerrit-Attention: flichtenheld Gerrit-Comment-Date: Tue, 15 Aug 2023 23:22:04 + Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [XS] Change in openvpn[master]: dco: fix crash when --multihome is used with --proto tcp
Attention is currently required from: flichtenheld. Hello flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/324?usp=email to review the following change. Change subject: dco: fix crash when --multihome is used with --proto tcp .. dco: fix crash when --multihome is used with --proto tcp Although it's a combination of options that is not really useful, when specifying --multihome along with --proto tcp and DCO is enabled, OpenVPN will crash while attempting to access c2.link_socket_actual (NULL for the TCP case) in order to retrieve the local address (in function dco_multi_get_localaddr()) Prevent crash by running this code only if proto is UDP. The same check is already performed in socket.c/h for the non-DCO case. Fixes: https://github.com/OpenVPN/openvpn/issues/390 Change-Id: I61adc26ce2ff737e020c3d980902a46758cb23e5 Signed-off-by: Antonio Quartulli --- M src/openvpn/dco.c 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/24/324/1 diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c index 7c7eaac..cd3e0ad 100644 --- a/src/openvpn/dco.c +++ b/src/openvpn/dco.c @@ -509,7 +509,7 @@ #if ENABLE_IP_PKTINFO struct context *c = >context; -if (!(c->options.sockflags & SF_USE_IP_PKTINFO)) +if (!proto_is_udp(c->c2.link_socket->info.proto) || !(c->options.sockflags & SF_USE_IP_PKTINFO)) { return false; } -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/324?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I61adc26ce2ff737e020c3d980902a46758cb23e5 Gerrit-Change-Number: 324 Gerrit-PatchSet: 1 Gerrit-Owner: ordex Gerrit-Reviewer: flichtenheld Gerrit-CC: openvpn-devel Gerrit-Attention: flichtenheld Gerrit-MessageType: newchange ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [L] Change in openvpn[master]: dco: don't use NetLink to exchange control packets
Attention is currently required from: cron2, plaisthos. ordex has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/28?usp=email ) Change subject: dco: don't use NetLink to exchange control packets .. Patch Set 5: (2 comments) File src/openvpn/socket.h: http://gerrit.openvpn.net/c/openvpn/+/28/comment/1357b934_a0d12dbd PS4, Line 1184: /* unified UDPv4 and UDPv6 and DCO (kernel adds size header) */ > not anymore on linux as packets are just left untouched. Ack http://gerrit.openvpn.net/c/openvpn/+/28/comment/757247af_5fb67f04 PS4, Line 1069: * will strip the length header */ > aaah makes sense now. […] Ack -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/28?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ia1297c3ae9a28b188ed21ad21ae96fff3d02ee4d Gerrit-Change-Number: 28 Gerrit-PatchSet: 5 Gerrit-Owner: ordex Gerrit-Reviewer: cron2 Gerrit-Reviewer: plaisthos Gerrit-CC: stipa Gerrit-Attention: plaisthos Gerrit-Attention: cron2 Gerrit-Comment-Date: Thu, 09 Mar 2023 15:02:36 + Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: plaisthos Comment-In-Reply-To: ordex Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [L] Change in openvpn[master]: dco: don't use NetLink to exchange control packets
Attention is currently required from: cron2, plaisthos. Hello cron2, plaisthos, I'd like you to reexamine a change. Please visit http://gerrit.openvpn.net/c/openvpn/+/28?usp=email to look at the new patch set (#5). Change subject: dco: don't use NetLink to exchange control packets .. dco: don't use NetLink to exchange control packets Using NetLink has proved to be overkill and performance critical. The amount of control traffic can also easily overrun the NetLink buffer when a server has enough clients connected. Stop using NetLink to send/receive control packets and just use the transport socket as if DCO was not there at all. Under the hood DCO will redirect control packets to the transport socket without altering them, so that userspace can happily process them as usual. Change-Id: Ia1297c3ae9a28b188ed21ad21ae96fff3d02ee4d [l...@openvpn.net: ensure win_dco flag is still exposed] Signed-off-by: Antonio Quartulli --- M src/openvpn/dco.c M src/openvpn/dco.h M src/openvpn/dco_freebsd.c M src/openvpn/dco_freebsd.h M src/openvpn/dco_linux.c M src/openvpn/dco_linux.h M src/openvpn/dco_win.c M src/openvpn/forward.c M src/openvpn/init.c M src/openvpn/mtcp.c M src/openvpn/multi.c M src/openvpn/ovpn_dco_linux.h M src/openvpn/socket.c M src/openvpn/socket.h 14 files changed, 58 insertions(+), 297 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/28/28/5 -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/28?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ia1297c3ae9a28b188ed21ad21ae96fff3d02ee4d Gerrit-Change-Number: 28 Gerrit-PatchSet: 5 Gerrit-Owner: ordex Gerrit-Reviewer: cron2 Gerrit-Reviewer: plaisthos Gerrit-CC: stipa Gerrit-Attention: plaisthos Gerrit-Attention: cron2 Gerrit-MessageType: newpatchset ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [L] Change in openvpn[master]: dco: don't use NetLink to exchange control packets
Attention is currently required from: cron2, plaisthos. ordex has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/28?usp=email ) Change subject: dco: don't use NetLink to exchange control packets .. Patch Set 4: (2 comments) File src/openvpn/socket.h: http://gerrit.openvpn.net/c/openvpn/+/28/comment/6956503d_6dfb58db PS4, Line 1184: /* unified UDPv4 and UDPv6 and DCO (kernel adds size header) */ > when we have TCP we need to add the size header but in the DCO case, the > kernel does that for us. not anymore on linux as packets are just left untouched. http://gerrit.openvpn.net/c/openvpn/+/28/comment/f80fb018_e8c00ace PS4, Line 1069: * will strip the length header */ > Basically in this codepath it is basically more like read_packet_with_header > vs read_packet_without_ […] aaah makes sense now. However, now the length header has to be set/unset by userland, because control packets are left untouched by DCO-linux -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/28?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ia1297c3ae9a28b188ed21ad21ae96fff3d02ee4d Gerrit-Change-Number: 28 Gerrit-PatchSet: 4 Gerrit-Owner: ordex Gerrit-Reviewer: cron2 Gerrit-Reviewer: plaisthos Gerrit-CC: stipa Gerrit-Attention: plaisthos Gerrit-Attention: cron2 Gerrit-Comment-Date: Thu, 09 Mar 2023 14:37:36 + Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: plaisthos Comment-In-Reply-To: ordex Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [L] Change in openvpn[master]: dco: don't use NetLink to exchange control packets
Attention is currently required from: cron2, plaisthos. ordex has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/28?usp=email ) Change subject: dco: don't use NetLink to exchange control packets .. Patch Set 4: (5 comments) File src/openvpn/forward.c: http://gerrit.openvpn.net/c/openvpn/+/28/comment/edcaa03e_7d307609 PS4, Line 1702: */ > Maybe move that comment (the part that still applies) to the new > socket_is_dco_win method? hmm I'd add a different working because it is not about where to send control packets, but just checking if DCO is enabled on a link or not. but yeah, we could definitely add some doc to socket_is_dco_win File src/openvpn/ovpn_dco_linux.h: http://gerrit.openvpn.net/c/openvpn/+/28/comment/be25a0d8_f403b236 PS4, Line 30: OVPN_CMD_NEW_PEER, > Didn't you want to add a length field for the residual TCP buffer and just 0 > here to avoid another A […] nah, adding a field does not break the API. We can add it later as it fixes a separate issue. File src/openvpn/socket.h: http://gerrit.openvpn.net/c/openvpn/+/28/comment/fdce9d57_fe86f5e0 PS4, Line 1184: /* unified UDPv4 and UDPv6 and DCO (kernel adds size header) */ > But here we remove the comment, even though it is also true here. again, why do we talk about size header if this is UDP? http://gerrit.openvpn.net/c/openvpn/+/28/comment/af827c3f_5e4fc158 PS4, Line 209: #define SF_DCO_WIN (1<<5) > Is using a flag really better than a bool here? this is Lev's doing :-D Technically we already have the socketflags bitfield, so re-using it is not a bad idea and it is less invasive compared to adding a member that is used by one platform only. http://gerrit.openvpn.net/c/openvpn/+/28/comment/c793d3d9_3d0bef67 PS4, Line 1069: * will strip the length header */ > here the comment is kept (since it is still true) I am confused. this is UDP, how come we talk about length header? -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/28?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ia1297c3ae9a28b188ed21ad21ae96fff3d02ee4d Gerrit-Change-Number: 28 Gerrit-PatchSet: 4 Gerrit-Owner: ordex Gerrit-Reviewer: cron2 Gerrit-Reviewer: plaisthos Gerrit-CC: stipa Gerrit-Attention: plaisthos Gerrit-Attention: cron2 Gerrit-Comment-Date: Thu, 09 Mar 2023 14:21:34 + Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: plaisthos Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel