.
The scripts can be performed in sequence by running run.sh
Cc: sh...@kernel.org
Cc: linux-kselftest@vger.kernel.org
Signed-off-by: Antonio Quartulli
---
tools/testing/selftests/Makefile |1 +
tools/testing/selftests/net/ovpn/.gitignore |2 +
tools/testing/selftests/net/ovpn
attachment/wiki/IRCimages/clientlan.png
In a nutshell, you need to configure both a route and a "iroute" to
inform the VPN server (your relay point) where a certain LAN is.
Hope this helps.
Regards,
--
Antonio Quartulli
___
Openvpn-users m
rs trying to
DoS a node?)
Let me know if you'd still prefer a flag instead of a separate
hash table and I could change that.
I think splitting is a good idea, not only because of the timeout, but
also because it makes the state more clear.
Regards,
Regards, Linus
--
Antonio Quartulli
rk queue callback item for cache purging */
struct delayed_work work;
--
Antonio Quartulli
x27;t you agree?
Cheers,
--
Antonio Quartulli
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
.
The scripts can be performed in sequence by running run.sh
Cc: sh...@kernel.org
Cc: linux-kselftest@vger.kernel.org
Signed-off-by: Antonio Quartulli
---
tools/testing/selftests/Makefile |1 +
tools/testing/selftests/net/ovpn/.gitignore |2 +
tools/testing/selftests/net/ovpn
On 08/07/2024 23:53, Илья Шипицин wrote:
пн, 8 июл. 2024 г. в 23:47, Antonio Quartulli :
Hi,
On 08/07/2024 23:44, Илья Шипицин wrote:
+msg( M_FATAL, "Failed allocate memory saved_pid_file_name");
patchset looks great, but (!!) there should be no space after t
quot; );
Unfortunately those are unlucky leftovers that haven't been fixed yet:
$ grep -r 'msg(M_FATAL' . |wc -l
286
$ grep -r 'msg( M_FATAL' . |wc -l
4
also, uncrustify GHA jobs agreed that it is no formatting violation
doubly unfortunate as I think
_name");
patchset looks great, but (!!) there should be no space after the
opening parenthesis..
Cheers,
+}
}
}
}
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge
.
The scripts can be performed in sequence by running run.sh
Cc: sh...@kernel.org
Cc: linux-kselftest@vger.kernel.org
Signed-off-by: Antonio Quartulli
---
tools/testing/selftests/Makefile |1 +
tools/testing/selftests/net/ovpn/.gitignore |2 +
tools/testing/selftests/net/ovpn
On 17/06/2024 23:29, Mika Laitio wrote:
Unless there are restrictions in algorithm used or key length?
I think these are the only things you need.
But I think the admin should be able to give you all information about
what's required.
Regards,
--
Antonio Quar
ts you to create your
key pair and a CSR, so that he can then create the certificate for you.
The configuration file (which is a bit orthogonal to this) should still
be provided by the admin.
I hope it helps.
Regards,
--
Antonio Quartulli
___
Openv
Hi,
On 21/05/2024 14:15, Remi Pommarel wrote:
On Tue, May 21, 2024 at 09:43:56AM +0200, Antonio Quartulli wrote:
Hi,
On 18/05/2024 17:50, Remi Pommarel wrote:
Wiphy should be locked before calling rdev_get_station() (see lockdep
assert in ieee80211_get_station()).
Adding the lock is fine
.
Have you checked where in ath10k_sta_statistics this is exactly
happening? Do you think some sta was partly released and thus fields
were NULLified?
Regards,
--
Antonio Quartulli
be enough)
Maybe certificates have not expired, but something else is annoying the
client which stops responding.
Regards,
--
Antonio Quartulli
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/list
not reply (tcpdump), but
also does not print any reason for rejection.
I wonder if the server is sending its reply over another interface and
thus getting lost?
Have you tried running tcpdump with '-i any'?
Regards,
--
Antonio Quartulli
opers here. They do not really
engage with "the outside world", it seems.
I have reported this message internally for further discussion.
Thanks for raising the concern.
Regards,
--
Antonio Quartulli
___
Openvpn-users mailin
e did you get the ovpn-dco package from?
Because I have my own dev package, but I hardly believe that was pulled
upstream.
Regards,
--
Antonio Quartulli
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/
blem being that there can be many factors affecting the results
here..including the specific platform you are testing this on.
This said, dco is going through a large code revamp, therefore we'll get
a chance to better investigate performance issue once that revamp is done.
T
Hi,
On 24/04/2024 11:38, d tbsky wrote:
[ 9652.965804] encrypt crypto_alloc_aead failed, err=-2
This is exactly it. The kernel crypto engine is reporting "not found".
I think you should look for CONFIG_CRYPTO_CHACHA20POLY1305 in the kernel
config.
Regards,
--
Antonio
Hi,
On 24/04/2024 11:21, d tbsky wrote:
Hi:
Antonio Quartulli
Unfortunately there will be no difference as this is an issue between
openvpn and ovpn-dco.
thanks a lot for hint!
Could you please re-run with --verb 6 ? That will include DCO specific
debug messages.
Thanks a lot for
Hi,
On 24/04/2024 11:03, d tbsky wrote:
Hi:
Antonio Quartulli
Yes, 2.6.10 requires ovpn-dco-v2.
ok. so I can not downgrade.
wireguard uses chacha20poly1305, therefore it'd be essential to test
with this algorithm in order to make a full comparison.
Do you have a full log to pr
t not found, ovpn-dco unloaded?" ?
Regards,
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
--
Antonio Quartulli
___
kmod_ovpn_dco_v2 module but
"openvpn --version" still report: "DCO version: N/A".
What is the exact openvpn and dc oversion that you compiled in your last
test?
Regards,
--
Antonio Quartulli
___
Openvpn-users mailin
: I7a1765661f7676eeba8016024080fd1026220ced
Signed-off-by: Selva Nair
Acked-by: Antonio Quartulli
---
v2: Add '--' prefix when referring to auth-user-pass
and mention related github issue
doc/man-sections/client-options.rst | 11 +++
doc/man-sections/inline-files.rst | 2 +-
2 files changed, 12 insert
Acked-by: Antonio Quartulli
---
Does this have to go through gerrit?
doc/man-sections/client-options.rst | 11 +++
doc/man-sections/inline-files.rst | 2 +-
2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/doc/man-sections/client-options.rst
b/doc/man-sections/client
lla if() go.
Cheers,
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Hi,
On 16/02/2024 15:00, Antonio Quartulli wrote:
Hi,
On 15/02/2024 17:17, Gert Doering wrote:
Hi,
On Thu, Feb 15, 2024 at 03:59:02PM +, its_Giaan (Code Review) wrote:
if (buf->len > 0)
{
- /*
- * The --passtos and --mssfix options require
- *
not something we need to test for here (= if
only an IPv6 flag is active, why should we enter this branch?).
We need to enter for either v4 or v6 flags, no?
The check on whether the packet is v4 or v6 happens *inside* this if
block. Am I wrong?
Cheers,
--
Ant
to tell if what you are seeing is the result of this
implementation detail or something else, especially because in some
cases you get higher throughput.
Cheers,
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.source
Hi,
On 09/01/2024 12:24, Peter Davis wrote:
Hi,
In the Easy-RSA directory I have the following files and directories:
easyrsa openssl-easyrsa.cnf pki ta.key vars x509-types
Is it enough to keep the pki directory?
Why not keeping everything?
Cheers,
--
Antonio Quartulli
need the CA key in order to sign your
CRL (Certificate Revocation List).
The CA is the *trusted* entity that is in charge of signing "documents"
that others need to accept. IF you delete it, you have no way of
creating new "documents".
Cheers,
he metadata may contain some unique ID of the fingerprint
of the client cert..or anything you may come up with (i.e. an expiry date).
This is why you couldn't find any "how" on the Internet. You need to
build the logic by yourself.
I hope this helps!
st you to read a bit more about PKIs and x509?
These topics are "used" by OpenVPN, but they are generic and applicable
to different environments.
Cheers,
--
Antonio Quartulli
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
Hi,
On 08/01/2024 13:02, Peter Davis via Openvpn-users wrote:
I still don't quite understand why I shouldn't delete the Easy-RSA directory
after generating the keys!
Because tomorrow you may add another server or client and thus need to
generate another certificate.
Cheers,
hanks.
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
--
Antonio Quartulli
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
Hi,
On 03/01/2024 23:28, Gert Doering wrote:
Hi,
On Wed, Jan 03, 2024 at 10:45:50PM +0100, Antonio Quartulli wrote:
On 03/01/2024 20:03, Gert Doering wrote:
Not sure I can come up with a good attack scenario
in an OpenVPN PKI scenario where the CA would be stopped from doing
something nasty
access to the VPN
server).
I think the .csr dance would prevent the CA from impersonating well
known users with a well known certificate.
Cheers,
--
Antonio Quartulli
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https
there any firewall on the VPN server which may be preventing
connections from outside the LAN?
Note: this is unrelated to OpenVPN, but just a generic network
configuration issue.
Thanks again.
You right. The firewall was configured for the TCP protocol, not UDP.
Problem solved.
--
An
Sorry,
posted to the wrong list.
Forwarded to the correct one now.
On 03/01/2024 09:41, Antonio Quartulli wrote:
Hi,
On 03/01/2024 09:14, Peter Davis wrote:
Hello,
I changed the IP address in the client configuration file, but I can't
connect to the server. I got the following error:
lated to OpenVPN, but just a generic network
configuration issue.
Regards,
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
people do when having the VPN server behind a
firewall/NAT.
There might be other factors playing a role here (i.e. proper firewall
configuration, etc..), therefore just changing the IP may not be the
only required action.
Cheers,
--
Antonio Quartulli
t-security 2
#comp-lzo
#data-ciphers AES_256_GCM:CHACHA20_POLY1305:AES_128_GCM:AES_128_CCM
#data-ciphers-fallback AES-128-GCM
Thanks
Richard
--
Antonio Quartulli
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
server need to have forwarding
enabled.
gert
--
Antonio Quartulli
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
PN;
2) enable NAT on the server. this way it will be the server's IP to
reach 192.168.51.0/24 and the connection will/should work.
Did this work before?
Cheers,
--
Antonio Quartulli
___
Openvpn-users mailing list
Openvpn-users@lists.sourc
ized the system with new certs created by
easy-rsa v.3 and the results, though not successful are definately
better.
you are missing --keepalive from your server config. Thus the time out.
HTH
--
Antonio Quartulli
___
Openvpn-users mailin
thm which is not accepted by the more
recent OpenSSL.
Regards,
--
Antonio Quartulli
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
like all other key material:
>
>
>>
>>
>
>
>> Cheers,
>
>> --
>> Antonio Quartulli
>
>
>
>Hello,
>Thanks.
>My Client.ovpn file is as follows:
>
>https://paste.mozilla.org/CwWTPPW0
>
>I got the following error:
>
>https:/
/man/openvpn-2.6/openvpn.8.html
and print it is using the "Save as PDF" virtual printer?
Cheers,
--
Antonio Quartulli
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
ile users because it is two files.
Is there a solution?
Yes, you can inline it like all other key material:
Cheers,
--
Antonio Quartulli
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
t at fault here.
Anyway, at least we know it's something obscure in the environment and
most likely (hopefully) not a bug in the code.
Cheers!
--
Antonio Quartulli
___
Openvpn-users mailing list
Openvpn-users@lists.source
Hi,
On 29/11/2023 16:19, Aleksandar Ivanisevic wrote:
On 29. Nov 2023, at 12:23, Antonio Quartulli wrote:
Hi,
On 29/11/2023 11:21, Aleksandar Ivanisevic wrote:
what is your openssl version, maybe that has something to do with it? mine is
OpenSSL 3.0.11 19 Sep 2023 (Library: OpenSSL
Hi,
On 29/11/2023 12:23, Antonio Quartulli wrote:
Could you please share your config?
It may contain important details that otherwise we can only speculate on.
If I had to throw a wild guess, I would say that if chroot is in use, a
strange combination of factors may lead to openvpn reading a
may contain important details that otherwise we can only speculate on.
Thanks!
--
Antonio Quartulli
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
?
Regards,
--
Antonio Quartulli
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
://lists.sourceforge.net/lists/listinfo/openvpn-users
--
Antonio Quartulli
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
ter is 1.
@Aleksandar would it be an option for you to send your CRL over so that
we can replicate the issue here (also privately)?
Cheers,
--
Antonio Quartulli
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
Hi,
On 21/11/2023 18:06, Arne Schwabe wrote:
This can happen if the memory alloc fails.
Patch V2: add goto error
Patch V3: return -ENOMEM instead of going to error
Change-Id: Iee66caa794d267ac5f8bee584633352893047171
Signed-off-by: Arne Schwabe
Acked-by: Antonio Quartulli
---
src
gle thread for the client itself.
Arne
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Hi,
On 20/10/2023 21:35, Bo Berglund wrote:
What have I missed?
Breaking your setup in mysterious ways is not going to help :-)
As Gert pointed out, what you want to achieve requires configuring the
firewall to prevent access to the LAN subnet.
Cheers,
--
Antonio Quartulli
o instead of forcing any semantic, I think we should simply document
what the code does.
Cheers,
Regards,
Selva
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
From: Antonio Quartulli
Add an important detail about the DNS configured via this option
to be an "interface-specific" DNS. This detail is important when
troubleshooting DNS issues since this logic will bypass the
routing table.
Signed-off-by: Antonio Quartulli
---
doc/man-se
d
to your certificates, like the CN, and this is the main reason why you
should rely on those when trying to identifying clients in order to
assign special properties.
I hope this helps.
Cheers,
--
Antonio Quartulli
___
Openvpn-users mailing list
Ope
efault in openssl/opensslconf.h
#endif
]]
)],
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
rent message for this case?
Cheers,
#endif
]]
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
ket_descriptor_t ctrl_sd, /* already
open to proxy */
socket_descriptor_t udp_sd,
struct openvpn_sockaddr *relay_addr,
+ struct event_timeout *server_poll_timeout,
struct signal_info *sig_info
x27;t have 'local', using 'multihome' or not depends on your setup.
2- The multihome statement does not need a parameter? I just need to put it
inside of the server.conf file?
Correct. No parameter required and it is just added to the server config.
Regards,
--
Antoni
ient can connect to my OpenVPN server?
Because there is a file in CCD having the same name as the client CN.
If such file does not exist, then the client won't be able to connect.
This is what ccd-exclusive does.
Cheers,
--
Antonio Quartulli
___
ever, if you have multiple IPs, you most likely need 'multihome'.
Cheers,
--
Antonio Quartulli
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
ction dco_multi_get_localaddr())
Prevent crash by running this code only if proto is UDP.
The same check is already performed in socket.c/h for the non-DCO
case.
Fixes: https://github.com/OpenVPN/openvpn/issues/390
Change-Id: I61adc26ce2ff737e020c3d980902a46758cb23e5
Signed-off-by: Antonio Quartulli
---
src/op
Reported-by: Matt Whitlock
Change-Id: Ic473fbc447741e54a9aac83c70bc4e6d87d91080
Signed-off-by: Antonio Quartulli
---
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 5ab1d0df..2f65cbd5 100644
--- a/configure.ac
+++ b/configure.ac
831 | c2->dco_read_bytes);
| ~~
| |
| counter_type {aka long long unsigned int}
Signed-off-by: Sergey Korolev
Thanks for catching this!
Acked-by: Antonio Quartulli
--
Antonio Quartulli
___
Openv
?
I think so, because the patch is explicitly setting --data-ciphers and
it is not including CHACHA20POLY1305.
Do you have clients advertising chachapoly only?
Cheers,
--
Antonio Quartulli
___
Openvpn-users mailing list
Openvpn-users
_CIPHER_key_length(kt));
+EVP_CIPHER_free(kt);
}
+
This is not required - please remove it before merging.
int
cipher_ctx_iv_length(const EVP_CIPHER_CTX *ctx)
{
Acked-by: Antonio Quartulli
--
Antonio Quartulli
___
Openvpn-devel maili
Cheers,
Best regards,
Kristof
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
--
Antonio Quartulli
--
Antonio Quartulli
if (A ==
NULL). Although I am not sure if the whole codebase was cleaned up yet
or not.
Cheers,
+{
+close(fd);
+return false;
+}
ifcr.ifcr_count = ifcr.ifcr_total;
ifcr.ifcr_buffer = buf;
--
Antonio Quartulli
Hi,
On 15/05/2023 16:21, Frank Lichtenheld wrote:
Leaks a small amount of memory every 15s.
Signed-off-by: Frank Lichtenheld
wonderful catch, Frank!
Acked-by: Antonio Quartulli
---
src/openvpn/dco_linux.c | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src
hange for FreeBSD can be found in https://reviews.freebsd.org/D39570
Signed-off-by: Kristof Provost
This looks good to me and I think it's reasonable to use the
CMD_SWAP_KEYS as notification for userspace to actually trigger a key
rotation.
Acked-by: Antonio Quartulli
Linux and Windo
a.oracle.com/ <https://bugzilla.oracle.com/>"
ORACLE_BUGZILLA_PRODUCT="Oracle Linux 8"
ORACLE_BUGZILLA_PRODUCT_VERSION=8.7
ORACLE_SUPPORT_PRODUCT="Oracle Linux"
ORACLE_SUPPORT_PRODUCT_VERSION=8.7
-[~:#]- cat /etc/oracle-release
Oracle Linux Server release 8.7
-[~:#]-
*** [Makefile:59: all] Error 2
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
struct nl_sock *nl_sock = nl_socket_alloc();
+if (!nl_sock)
+{
+msg(msglevel, "Allocating net link socket failed");
+ret = -1;
+goto err_sock;
+}
+
ret = genl_connect(nl_sock);
if (ret)
{
--
Antonio Quartulli
ne.
(this is what we do in other functions of this file)
Cheers,
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
vise on #3.
Cheers,
Matthias
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
you can assign everything to 'void *'.
Cheers,
}
}
}
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
ed-by: Antonio Quartulli
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
DCO_DEBUG, "%s: peer-id %d", __func__, peer_id);
+if (!c->c1.tuntap)
+{
+return 0;
+}
+
dco_context_t *dco = &c->c1.tuntap->dco;
struct nl_msg *nl_msg = ovpn_dco_nlmsg_create(dco, OVPN_CMD_GET_PEER);
struct nlattr *attr = nla_nes
Spot on and sorry for forgetting to mentioning it:
You need ovpn-dco at this commit:
commit 726fdfe0fa21aa4e87c5a60294ea0365ce7b6809 (HEAD -> master,
origin/master)
Author: Antonio Quartulli
Date: Mon Mar 20 23:50:52 2023 +0100
ovpn-dco: store and report transport rx/tx stats as w
Hi,
On 23/03/2023 09:03, Gert Doering wrote:
From: Antonio Quartulli
When retrieving the multi_instance of a specific peer,
there is no need to peform a linear search across the
whole m->hash list. We can directly access the needed
object via m->instances[peer-id] in constant time (an
ristof Provost
Change-Id: I8d8af6f872146604a9710edf443db65df48ac3cb
Signed-off-by: Antonio Quartulli
---
NOTE: not tested because I have no FreeBSD environment
Changes from v1:
* added boundary check on peer-id
Changes from v2:
* use one check only instead of two
---
src/openvpn/dco_freebsd.
With this API it is possible to retrieve the stats for a specific peer
or for all peers and then update the userspace counters with the value
reported by DCO.
Change-Id: Ia3990b86b1be7ca844fb1674b39ce0d60528ccff
Signed-off-by: Antonio Quartulli
---
Changes from v1:
* use m->instances[] inst
With this API it is possible to retrieve the stats for a specific peer
or for all peers and then update the userspace counters with the value
reported by DCO.
Change-Id: Ia3990b86b1be7ca844fb1674b39ce0d60528ccff
Signed-off-by: Antonio Quartulli
---
Changes from v1:
* use m->instances[] inst
ristof Provost
Change-Id: I8d8af6f872146604a9710edf443db65df48ac3cb
Signed-off-by: Antonio Quartulli
---
NOTE: not tested because I have no FreeBSD environment
Changes from v1:
* added boundary check on peer-id
---
src/openvpn/dco_freebsd.c | 27 ---
1 file changed, 12 inse
Hi,
On 22/03/2023 08:14, Gert Doering wrote:
Hi,
On Wed, Mar 22, 2023 at 12:10:03AM +0100, Antonio Quartulli wrote:
+struct multi_instance *mi = m->instances[peer_id];
+if (!mi)
{
This (and undoubtedly the same code in dco_linux.c) is trusting the
kernel to never ret
Hi,
On 22/03/2023 00:10, Antonio Quartulli wrote:
When retrieving the multi_instance of a specific peer,
there is no need to peform a linear search across the
whole m->hash list. We can directly access the needed
object via m->instances[peer-id] in constant time (and
just one line o
ristof Provost
Change-Id: I8d8af6f872146604a9710edf443db65df48ac3cb
Signed-off-by: Antonio Quartulli
---
NOTE: not tested because I have no FreeBSD environment and I
can't find how to kick off the buildbot
---
src/openvpn/dco_freebsd.c | 22 +-
1 file changed, 5 insert
With this API it is possible to retrieve the stats for a specific peer
or for all peers and then update the userspace counters with the value
reported by DCO.
Change-Id: Ia3990b86b1be7ca844fb1674b39ce0d60528ccff
Signed-off-by: Antonio Quartulli
---
Changes from v1:
* use m->instances[] inst
Signed-off-by: Antonio Quartulli
---
src/openvpn/multi.c | 10 --
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index 53c17b3a..1f0a9c01 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -549,7 +549,10 @@ multi_del_iroutes
With this API it is possible to retrieve the stats for a specific peer
or for all peers and then update the userspace counters with the value
reported by DCO.
Change-Id: Ia3990b86b1be7ca844fb1674b39ce0d60528ccff
Signed-off-by: Antonio Quartulli
---
Pleas, use the latest ovpn-dco master branch
)
where the errno=4 (and its human readable representation) is a leftover
from the previous recv() interrupted by a signal and it is totally
unrelated to this netlink failure.
Signed-off-by: Antonio Quartulli
---
src/openvpn/dco_linux.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff
Ignore the last message - it was meant for another patch *shrug*
On 09/03/2023 16:02, Antonio Quartulli wrote:
This is being discussed on Gerrit at:
https://gerrit.openvpn.net/c/openvpn/+/28
On 09/03/2023 14:14, Antonio Quartulli wrote:
In order to provide better support in case of
1 - 100 of 4739 matches
Mail list logo
