Re: [Openvpn-devel] [PATCH] Fix win32 building with C99 mode

Hi, On Sat, Sep 17, 2016 at 9:20 AM, Gert Doering wrote: > In -std=c99 mode, WIN32 is not defined to be "1" anymore, but just > "#define WIN32" - so the "#if WIN32" breaks, needs to be "#ifdef WIN32" > Indeed... To depend on the compiler or system headers to define WIN32

[Openvpn-devel] [PATCHv2] Enable TCP non-linear packet ID

Implementation with multiple threads needs that to be able run encryption in parallel. Tested with James' OpenVPN 3 server. --- src/openvpn/comp.c | 1 + src/openvpn/init.c | 1 - src/openvpn/options.c | 5 - src/openvpn/packet_id.c | 7 +++ src/openvpn/packet_id.h | 2 +-

Re: [Openvpn-devel] [PATCH] Enable TCP non-linear packet ID

Hi, On Sat, Sep 17, 2016 at 03:33:28PM +0200, Arne Schwabe wrote: > --- a/src/openvpn/forward.c > +++ b/src/openvpn/forward.c > @@ -391,7 +391,7 @@ check_fragment_dowork (struct context *c) >struct link_socket_info *lsi = get_link_socket_info (c); > >/* OS MTU Hint? */ > - if

Re: [Openvpn-devel] [PATCH] Fix win32 building with C99 mode

Hi, On Sat, Sep 17, 2016 at 06:40:00PM +0500, ?? wrote: > Should we add mingw compiler to travis-ci matrix? If travis can do mingw builds, that would be good. But it is complicated. gert -- USENET is *not* the non-clickable part of WWW!

Re: [Openvpn-devel] [PATCH] Fix win32 building with C99 mode

Should we add mingw compiler to travis-ci matrix? 17 сент. 2016 г. 6:34 PM пользователь "Gert Doering" написал: In -std=c99 mode, WIN32 is not defined to be "1" anymore, but just "#define WIN32" - so the "#if WIN32" breaks, needs to be "#ifdef WIN32" Signed-off-by: Gert

[Openvpn-devel] [PATCH v4] Support for disabled peer-id

From: Lev Stipakov v4: - replace magic number with define - show user a decimal value instead of hex v3: * move assert outside of loop * add max-clients value check to options v2: * Add round brackets for clarity * Rephrase comment Support for disabled peer-id When

[Openvpn-devel] [PATCH] Enable TCP non-linear packet ID

Implementation with multiple threads needs that to be able run encryption in parallel. Tested with James' OpenVPN 3 server. --- src/openvpn/comp.c | 1 + src/openvpn/forward.c | 2 +- src/openvpn/init.c | 1 - src/openvpn/options.c | 5 - src/openvpn/packet_id.c | 7 +++

[Openvpn-devel] [PATCH] Fix win32 building with C99 mode

In -std=c99 mode, WIN32 is not defined to be "1" anymore, but just "#define WIN32" - so the "#if WIN32" breaks, needs to be "#ifdef WIN32" Signed-off-by: Gert Doering --- src/openvpn/misc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git

[Openvpn-devel] [PATCHv2] Document the --auth-token option

This isn't an option to be used directly in any configuration files, but to be used via --client-connect scripts or --plugin making use of OPENVPN_PLUGIN_CLIENT_CONNECT or OPENVPN_PLUGIN_CLIENT_CONNECT_V2. [v2 - Added lacking .B styling of options - Clarified the token life time ]

Re: [Openvpn-devel] [PATCH v3] Support for disabled peer-id

Hi, On 17 September 2016 at 14:53, Lev Stipakov wrote: > From: Lev Stipakov > > v3: > * move assert outside of loop > * add max-clients value check to options > > [...] > > --- a/src/openvpn/options.c > +++ b/src/openvpn/options.c > @@ -5893,6

[Openvpn-devel] [PATCH v3] Support for disabled peer-id

From: Lev Stipakov v3: * move assert outside of loop * add max-clients value check to options v2: * Add round brackets for clarity * Rephrase comment Support for disabled peer-id When peer-id value is 0xFF, server should ignore it and treat packet in a same way

Re: [Openvpn-devel] [PATCH applied] Re: Prefer RECVDSTADDR to PKTINFO for IPv4 in OS X since it actually works (unlike PKTINFO)

Hi, On Sat, Sep 17, 2016 at 02:01:03PM +0200, Gert Doering wrote: > Your patch has been applied to the master branch. > > commit 3ffe2338c092d7bd4abace3ae9fa0b4f85cf4b87 > Author: Arne Schwabe > Date: Sat Sep 17 11:00:35 2016 +0200 Forgot to push and then David put a new patch in between, so

Re: [Openvpn-devel] how is debug/doval and debug/dovalns are supposed to be used ?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 17/09/16 14:37, ??? wrote: > Hello, > > I see couple of valgrind-like tests > > debug/dovalns debug/doval > > however, I do not see any usage of them > > [ilia@localhost openvpn]$ find . -type f -exec grep doval {} ';' > -print Binary

Re: [Openvpn-devel] [PATCH applied] Add SHA256 fingerprint support

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ACK! Your patch has been applied to the master branch This patch includes also the clean cert_hash_remember scoping patch. commit af1e4d26ab65bd71de168ea621ca55d0e40a0bc1 Author: Steffan Karger Date: Thu May 5 22:14:07 2016 +0200 Add SHA256

[Openvpn-devel] [PATCH applied] Re: Prefer RECVDSTADDR to PKTINFO for IPv4 in OS X since it actually works (unlike PKTINFO)

ACK. Your patch has been applied to the master branch. commit 3ffe2338c092d7bd4abace3ae9fa0b4f85cf4b87 Author: Arne Schwabe Date: Sat Sep 17 11:00:35 2016 +0200 Prefer RECVDSTADDR to PKTINFO for IPv4 in OS X since it actually works (unlike PKTINFO) Acked-by: Gert Doering

[Openvpn-devel] [PATCH applied] Re: Fix ENABLE_WITH_OPENSSL set to YES even with --disable-crypto set

ACK. Your patch has been applied to the master branch. Text changed to read "ENABLE_CRYPTO_OPENSSL" commit d13a40a4a477bae3efede6945174df1cb2c3aa69 Author: Arne Schwabe Date: Sat Sep 17 13:16:46 2016 +0200 Fix ENABLE_CRYPTO_OPENSSL set to YES even with --disable-crypto set

[Openvpn-devel] how is debug/doval and debug/dovalns are supposed to be used ?

Hello, I see couple of valgrind-like tests debug/dovalns debug/doval however, I do not see any usage of them [ilia@localhost openvpn]$ find . -type f -exec grep doval {} ';' -print Binary file ./.git/index matches ./.git/index [ilia@localhost openvpn]$ I would like to valgrind tests to

Re: [Openvpn-devel] [PATCH applied] t_client.sh: Improve detection if the OpenVPN process did start during tests

ACK, thanks. Your patch has been applied to the following branches commit 3712322ee1219e55640f2f4e5f822799edacd7cc (master) commit 3347d51ea779b190864fe0715da3e9d7e8fa365c (release/2.3) Author: David Sommerseth Date: Sat Sep 17 14:18:05 2016 +0300 t_client.sh: Improve detection if the

Re: [Openvpn-devel] [PATCH] enable "--disable-crypto" build configuration

2016-09-17 16:17 GMT+05:00 Steffan Karger : > Hi, > > On 17 September 2016 at 12:54, Ilya Shipitsin > wrote: > > --- > > .travis.yml | 4 > > 1 file changed, 4 deletions(-) > > > > diff --git a/.travis.yml b/.travis.yml > > index 452c48e..369db97

Re: [Openvpn-devel] [PATCH applied] t_client.sh: Add support for Kerberos/ksu

Your patch has been applied to the following branches commit 6b25b99fe4b8bdf5cdba4a0fb247df40277d0525 (master) commit f1b66b21f2f5c0ef74903048f84d69023ef21b8e (release/2.3) Author: David Sommerseth Date: Sat Sep 17 13:50:33 2016 +0300 t_client.sh: Add support for Kerberos/ksu

[Openvpn-devel] [PATCH] t_client.sh: Improve detection if the OpenVPN process did start during tests

This will check the OpenVPN log file if the process initialized successfully. It will check the log file for 30 seconds before aborting the test run. This also has the advantage of starting the testing quicker if the initialization goes faster than 10 seconds (which was the old sleep time). The

[Openvpn-devel] [PATCH] Fix ENABLE_WITH_OPENSSL set to YES even with --disable-crypto set

On OS X openssl/x509.h is not in the standard include path and the files still try to include since the includes only depend on on ENABLE_WITH_OPENSSL. --- configure.ac | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index 5c5cdf8..e4f613b

[Openvpn-devel] [PATCH] enable "--disable-crypto" build configuration

--- .travis.yml | 4 1 file changed, 4 deletions(-) diff --git a/.travis.yml b/.travis.yml index 452c48e..369db97 100644 --- a/.travis.yml +++ b/.travis.yml @@ -51,10 +51,6 @@ matrix: os: osx osx_image: xcode7.3 compiler: clang - allow_failures: -- env:

[Openvpn-devel] [PATCHv3] t_client.sh: Add support for Kerberos/ksu

If the t_client.rc have PREFER_KSU=1 configured, t_client.sh will check if you have a valid Kerberos ticket and if so it will do all execution via ksu instead of sudo. If PREFER_KSU is not set or a Kerberos ticket is not found, it will fallback to the configured RUN_SUDO approach. When using ksu

Re: [Openvpn-devel] [PATCHv2] t_client.sh: Add support for Kerberos/ksu

Hi, On Sat, Sep 17, 2016 at 01:19:33PM +0300, David Sommerseth wrote: > +klist -l &> /dev/null NAK :) (bashism, on ksh it will just put "klist -l" into the background) gert -- USENET is *not* the non-clickable part of WWW!

[Openvpn-devel] [PATCH v3 (release/2.3)] Drop recursively routed packets

From: Lev Stipakov v3: Use better way of figuring out IP proto version which does not break TAP mode. Add an option to allow recursive routing, could be useful when packets sent by openvpn itself are not subject to the routing tables that would move packets into the

[Openvpn-devel] [PATCH v4] Remove tun-ipv6 Option. Instead assume that IPv6 is always supported.

This option was useful when Ipv6 tun support was non standard and was an internal/user specified flag that tracked the Ipv6 capability of the tun device. All supported OS support IPv6. Also tun-ipv6 is pushable by the remote so not putting tun-ipv6 does not forbid ipv6 addresses. This commit

Re: [Openvpn-devel] [PATCH] Show compile-time variant for --multihome in --version output.

Am 16.09.16 um 22:45 schrieb Gert Doering: > Instead of just [MH], show [MH/PKTINFO] or [MH/RECVDA], to see more > easily which compile-time variant was chosen by configure and syshead.h > ACK from me. Arne --

Re: [Openvpn-devel] [PATCH] Fix IP_PKTINFO related compilation failure on NetBSD 7.0

Am 16.09.16 um 22:02 schrieb Gert Doering: > NetBSD has introduced IP_PKTINFO and struct in_pktinfo, but does not > have the "ipi_spec_dst" structure element, causing compilation errors. > > Introduce a check for that (AC_CHECK_MEMBER) in configure.ac, and > change all "#ifdef HAVE_IN_PKTINFO" to

Re: [Openvpn-devel] [PATCH applied] initial travis-ci support

ACK. Your patch has been applied to the master branch (Talking with Steffan, we've decided to squash both patches into just one, because it seems to be somewhat silly to add a file just to completely rewrite in the next patch again) commit 368991264d82f038bde30a67910ac6c7681a4ba9 Author: Ilya