Acked-by: Gert Doering
We had a long and heated discussion about this... I wanted a 3-liner that
just does the "if (DCO && compression) { explode(); }" bit, but this is
indeed making the code more readable - and my fix might have interfered
with server / ccd/ option handling anyway.
This patch
Acked-by: Gert Doering
"git show -w" shows that this is mostly whitespace changes and
streq()'ing alg instead of p[1] - with alg defaulting to "stub"
now (instead of having an else{} clause for "no option" that does
the same).
There is a minor difference, as "compress " would set
COMP_F_SWAP
This change keeps the option parsing of compression options even when
compression is disabled. This allows OpenVPN to also refuse/reject connections
that try to use compression when compression is completely disabled.
Change-Id: I9d7afd8f1d67d2455b4ec6bc12f4dcde80140c4f
Signed-off-by: Arne
This removes also the checks in options.c itself as they we now bail out
later and no longer need to ignore them during parsing.
Change-Id: I872c06f402c35112194ba77c3d6aee78e22547cb
Signed-off-by: Arne Schwabe
---
Changes.rst | 4
src/openvpn/comp.c| 29
This removes a level of identation and make the "stub" condition
easier to see.
Change-Id: Iae47b191f522625f81eedd3a237b272cb7374d90
Signed-off-by: Arne Schwabe
---
src/openvpn/options.c | 87 +--
1 file changed, 43 insertions(+), 44 deletions(-)
diff
This changes the "no" setting of allow-compression to also refuse framing.
This is important for our DCO implementation as these do not implement framing.
This behaviour surfaced when a commercial VPN provider was pushing
"comp-lzo no" to a client with DCO. While we are technically at fault here
Currently this is not obvious since we never build the
UTs with MSVC, but it doesn't like the initializers with
"const" variables. They cause
error C2099: initializer is not a constant
when used in an initializer.
So change all of them to preprocessor defines instead.
It also doesn't like the
For reference, my comments.
-- Forwarded message -
From: Lev Stipakov
Date: Thu, Mar 23, 2023 at 9:39 AM
Subject: Re: [Openvpn-devel] [PATCH] Print DCO client stats on SIGUSR2
To: Selva Nair
I see the point - we now have driver-specific code in functions
{multi}_print_status
I didn't realize it until Lev pointed out that this reply yesterday
didn't go to the list. FTR, copying to the list.
-- Forwarded message -
From: Selva Nair
Date: Wed, Mar 22, 2023 at 9:42 AM
Subject: Re: [Openvpn-devel] [PATCH] Print DCO client stats on SIGUSR2
To: Lev Stipakov
Acked-by: Gert Doering
This only touches linux only files, so only tested on Linux (builds with
and without DCO). The patch looks larger than it is because of a new
argument to ovpn_nl_msg_send(), but for the "existing code" this is
unused (extra argument to the callback function), so no
Spot on and sorry for forgetting to mentioning it:
You need ovpn-dco at this commit:
commit 726fdfe0fa21aa4e87c5a60294ea0365ce7b6809 (HEAD -> master,
origin/master)
Author: Antonio Quartulli
Date: Mon Mar 20 23:50:52 2023 +0100
ovpn-dco: store and report transport rx/tx stats as well
Hi,
On Wed, Mar 22, 2023 at 08:27:57PM +0100, Antonio Quartulli wrote:
> With this API it is possible to retrieve the stats for a specific peer
> or for all peers and then update the userspace counters with the value
> reported by DCO.
>
> Change-Id: Ia3990b86b1be7ca844fb1674b39ce0d60528ccff
>
Acked-by: Gert Doering
I have listened to the discussion, and I think we all agree that we
need to revisit this "DCO counter" business:
- definition of c2 structure elements
- do we need extra fields for "dco counters"?
- do we need more counters? Windows currently has
On Wed, Mar 22, 2023 at 06:14:56PM -0400, selva.n...@gmail.com wrote:
> From: Selva Nair
>
> - Enabled for the Ubuntu 22.04 build (OpenSSL 3) and one of the
> Ubuntu 20.04 builds (OpenSSL 1.1.1).
>
> Signed-off-by: Selva Nair
> ---
> .github/workflows/build.yaml | 8 ++--
> 1 file
On Wed, Mar 22, 2023 at 06:14:55PM -0400, selva.n...@gmail.com wrote:
> From: Selva Nair
>
> - Load some test certificate/key pairs into a temporary softhsm2 token
> and enumerate available objects through pkcs11-helper interface
>
> - For each object, load it into SSL_CTX and test sign (if
On Wed, Mar 22, 2023 at 06:14:54PM -0400, selva.n...@gmail.com wrote:
> From: Selva Nair
>
> - This function will be reused for testing pkcs11
>
> Signed-off-by: Selva Nair
This just moves code around.
Acked-By: Frank Lichtenheld
--
Frank Lichtenheld
As this patch has a bit of mixed history "who wrote it, who ACKed it,
what happened afterwards" I decided to record the ACK from Arne and
Kristof.
v4 has been tested on FreeBSD with DCO enabled, p2mp udp server, one client
being connected all the time and the other client reconnecting (moving
Am 23.03.23 um 09:03 schrieb Gert Doering:
From: Antonio Quartulli
When retrieving the multi_instance of a specific peer,
there is no need to peform a linear search across the
whole m->hash list. We can directly access the needed
object via m->instances[peer-id] in constant time (and
just one
Hi,
On 23/03/2023 09:03, Gert Doering wrote:
From: Antonio Quartulli
When retrieving the multi_instance of a specific peer,
there is no need to peform a linear search across the
whole m->hash list. We can directly access the needed
object via m->instances[peer-id] in constant time (and
just
From: Antonio Quartulli
When retrieving the multi_instance of a specific peer,
there is no need to peform a linear search across the
whole m->hash list. We can directly access the needed
object via m->instances[peer-id] in constant time (and
just one line of code).
Adapt the dco-freebsd code to
20 matches
Mail list logo