: I7a1765661f7676eeba8016024080fd1026220ced
Signed-off-by: Selva Nair
Acked-by: Antonio Quartulli
---
v2: Add '--' prefix when referring to auth-user-pass
and mention related github issue
doc/man-sections/client-options.rst | 11 +++
doc/man-sections/inline-files.rst | 2 +-
2 files changed, 12 insertions(+), 1
Acked-by: Antonio Quartulli
---
Does this have to go through gerrit?
doc/man-sections/client-options.rst | 11 +++
doc/man-sections/inline-files.rst | 2 +-
2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/doc/man-sections/client-options.rst
b/doc/man-sections/client
lla if() go.
Cheers,
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Hi,
On 16/02/2024 15:00, Antonio Quartulli wrote:
Hi,
On 15/02/2024 17:17, Gert Doering wrote:
Hi,
On Thu, Feb 15, 2024 at 03:59:02PM +, its_Giaan (Code Review) wrote:
if (buf->len > 0)
{
- /*
- * The --passtos and --mssfix options require
-
not something we need to test for here (= if
only an IPv6 flag is active, why should we enter this branch?).
We need to enter for either v4 or v6 flags, no?
The check on whether the packet is v4 or v6 happens *inside* this if
block. Am I wrong?
Cheers,
--
Ant
you are seeing is the result of this
implementation detail or something else, especially because in some
cases you get higher throughput.
Cheers,
--
Antonio Quartulli
to OpenVPN, but just a generic network
configuration issue.
Regards,
--
Antonio Quartulli
Hi,
On 21/11/2023 18:06, Arne Schwabe wrote:
This can happen if the memory alloc fails.
Patch V2: add goto error
Patch V3: return -ENOMEM instead of going to error
Change-Id: Iee66caa794d267ac5f8bee584633352893047171
Signed-off-by: Arne Schwabe
Acked-by: Antonio Quartulli
---
src
the client itself.
Arne
--
Antonio Quartulli
semantic, I think we should simply document
what the code does.
Cheers,
Regards,
Selva
--
Antonio Quartulli
From: Antonio Quartulli
Add an important detail about the DNS configured via this option
to be an "interface-specific" DNS. This detail is important when
troubleshooting DNS issues since this logic will bypass the
routing table.
Signed-off-by: Antonio Quartulli
---
doc/man-se
t in openssl/opensslconf.h
#endif
]]
)],
--
Antonio Quartulli
rent message for this case?
Cheers,
#endif
]]
--
Antonio Quartulli
struct event_timeout *server_poll_timeout,
struct signal_info *sig_info);
void socks_process_incoming_udp(struct buffer *buf,
--
Antonio Quartulli
dco_multi_get_localaddr())
Prevent crash by running this code only if proto is UDP.
The same check is already performed in socket.c/h for the non-DCO
case.
Fixes: https://github.com/OpenVPN/openvpn/issues/390
Change-Id: I61adc26ce2ff737e020c3d980902a46758cb23e5
Signed-off-by: Antonio Quartulli
---
src/openvpn
Reported-by: Matt Whitlock
Change-Id: Ic473fbc447741e54a9aac83c70bc4e6d87d91080
Signed-off-by: Antonio Quartulli
---
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 5ab1d0df..2f65cbd5 100644
--- a/configure.ac
+++ b/configure.ac
co_read_bytes);
| ~~
| |
| counter_type {aka long long unsigned int}
Signed-off-by: Sergey Korolev
Thanks for catching this!
Acked-by: Antonio Quartulli
--
Antonio Quartulli
ER_key_length(kt));
+EVP_CIPHER_free(kt);
}
+
This is not required - please remove it before merging.
int
cipher_ctx_iv_length(const EVP_CIPHER_CTX *ctx)
{
Acked-by: Antonio Quartulli
--
Antonio Quartulli
eers,
Best regards,
Kristof
--
Antonio Quartulli
--
Antonio Quartulli
if (A ==
NULL). Although I am not sure if the whole codebase was cleaned up yet
or not.
Cheers,
+{
+close(fd);
+return false;
+}
ifcr.ifcr_count = ifcr.ifcr_total;
ifcr.ifcr_buffer = buf;
--
Antonio Quartulli
Hi,
On 15/05/2023 16:21, Frank Lichtenheld wrote:
Leaks a small amount of memory every 15s.
Signed-off-by: Frank Lichtenheld
wonderful catch, Frank!
Acked-by: Antonio Quartulli
---
src/openvpn/dco_linux.c | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src
for FreeBSD can be found in https://reviews.freebsd.org/D39570
Signed-off-by: Kristof Provost
This looks good to me and I think it's reasonable to use the
CMD_SWAP_KEYS as notification for userspace to actually trigger a key
rotation.
Acked-by: Antonio Quartulli
Linux and Windows part
<https://bugzilla.oracle.com/>"
ORACLE_BUGZILLA_PRODUCT="Oracle Linux 8"
ORACLE_BUGZILLA_PRODUCT_VERSION=8.7
ORACLE_SUPPORT_PRODUCT="Oracle Linux"
ORACLE_SUPPORT_PRODUCT_VERSION=8.7
-[~:#]- cat /etc/oracle-release
Oracle Linux Server release 8.7
-[~:#]- cat /etc/redha
--
Antonio Quartulli
struct nl_sock *nl_sock = nl_socket_alloc();
+if (!nl_sock)
+{
+msg(msglevel, "Allocating net link socket failed");
+ret = -1;
+goto err_sock;
+}
+
ret = genl_connect(nl_sock);
if (ret)
{
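Review bot: the new failure branch sets ret = -1 and jumps to err_sock while nl_sock is still NULL. Please confirm that the err_sock label does not hand nl_sock to anything that dereferences it, and consider a specific value such as -ENOMEM instead of -1 so that callers can tell an allocation failure apart from the genl_connect() error checked just below.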
--
Antonio Quartulli
ne.
(this is what we do in other functions of this file)
Cheers,
--
Antonio Quartulli
Matthias
--
Antonio Quartulli
everything to 'void *'.
Cheers,
}
}
}
--
Antonio Quartulli
-by: Antonio Quartulli
--
Antonio Quartulli
peer-id %d", __func__, peer_id);
+if (!c->c1.tuntap)
+{
+return 0;
+}
+
dco_context_t *dco = >c1.tuntap->dco;
struct nl_msg *nl_msg = ovpn_dco_nlmsg_create(dco, OVPN_CMD_GET_PEER);
struct nlattr *attr = nla_nest_start(nl_msg, OVPN_ATTR_GET_PEER
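Review bot: the added early return for a NULL c->c1.tuntap returns 0, which a caller reads as success, and it sits after the log line that prints the peer-id. Move the check above that message or log that the request was skipped, so the output does not suggest that peer stats were actually requested.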
Spot on and sorry for forgetting to mention it:
You need ovpn-dco at this commit:
commit 726fdfe0fa21aa4e87c5a60294ea0365ce7b6809 (HEAD -> master,
origin/master)
Author: Antonio Quartulli
Date: Mon Mar 20 23:50:52 2023 +0100
ovpn-dco: store and report transport rx/tx stats as w
Hi,
On 23/03/2023 09:03, Gert Doering wrote:
From: Antonio Quartulli
When retrieving the multi_instance of a specific peer,
there is no need to perform a linear search across the
whole m->hash list. We can directly access the needed
object via m->instances[peer-id] in constant time (an
ristof Provost
Change-Id: I8d8af6f872146604a9710edf443db65df48ac3cb
Signed-off-by: Antonio Quartulli
---
NOTE: not tested because I have no FreeBSD environment
Changes from v1:
* added boundary check on peer-id
Changes from v2:
* use one check only instead of two
---
src/openvpn/dco_freebsd.
With this API it is possible to retrieve the stats for a specific peer
or for all peers and then update the userspace counters with the value
reported by DCO.
Change-Id: Ia3990b86b1be7ca844fb1674b39ce0d60528ccff
Signed-off-by: Antonio Quartulli
---
Changes from v1:
* use m->instances[] inst
ristof Provost
Change-Id: I8d8af6f872146604a9710edf443db65df48ac3cb
Signed-off-by: Antonio Quartulli
---
NOTE: not tested because I have no FreeBSD environment
Changes from v1:
* added boundary check on peer-id
---
src/openvpn/dco_freebsd.c | 27 ---
1 file changed, 12 inse
Hi,
On 22/03/2023 08:14, Gert Doering wrote:
Hi,
On Wed, Mar 22, 2023 at 12:10:03AM +0100, Antonio Quartulli wrote:
+struct multi_instance *mi = m->instances[peer_id];
+if (!mi)
{
This (and undoubtedly the same code in dco_linux.c) is trusting the
kernel to never ret
Hi,
On 22/03/2023 00:10, Antonio Quartulli wrote:
When retrieving the multi_instance of a specific peer,
there is no need to perform a linear search across the
whole m->hash list. We can directly access the needed
object via m->instances[peer-id] in constant time (and
just one line o
ristof Provost
Change-Id: I8d8af6f872146604a9710edf443db65df48ac3cb
Signed-off-by: Antonio Quartulli
---
NOTE: not tested because I have no FreeBSD environment and I
can't find how to kick off the buildbot
---
src/openvpn/dco_freebsd.c | 22 +-
1 file changed, 5 insertions(
Signed-off-by: Antonio Quartulli
---
src/openvpn/multi.c | 10 --
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index 53c17b3a..1f0a9c01 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -549,7 +549,10 @@ multi_del_iroutes
With this API it is possible to retrieve the stats for a specific peer
or for all peers and then update the userspace counters with the value
reported by DCO.
Change-Id: Ia3990b86b1be7ca844fb1674b39ce0d60528ccff
Signed-off-by: Antonio Quartulli
---
Please, use the latest ovpn-dco master branch
)
where the errno=4 (and its human readable representation) is a leftover
from the previous recv() interrupted by a signal and it is totally
unrelated to this netlink failure.
Signed-off-by: Antonio Quartulli
---
src/openvpn/dco_linux.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff
Ignore the last message - it was meant for another patch *shrug*
On 09/03/2023 16:02, Antonio Quartulli wrote:
This is being discussed on Gerrit at:
https://gerrit.openvpn.net/c/openvpn/+/28
On 09/03/2023 14:14, Antonio Quartulli wrote:
In order to provide better support in case
-Id: Ia1297c3ae9a28b188ed21ad21ae96fff3d02ee4d
[l...@openvpn.net: ensure win_dco flag is still exposed]
Signed-off-by: Antonio Quartulli
---
Changes from v1:
* improved comments
* improved commit message
This patch was also reviewed and approved on gerrit at:
https://gerrit.openvpn.net/c/openvpn
This is being discussed on Gerrit at:
https://gerrit.openvpn.net/c/openvpn/+/28
On 09/03/2023 14:14, Antonio Quartulli wrote:
In order to provide better support in case of troubleshooting issues,
it's important to know what exact DCO version is loaded on the user
system.
Therefore print
with a follow-up patch.
For Linux we directly fetch the module version from /sys and print
something like:
DCO version: 0.1.20230206-15-g580608ec7c59
Change-Id: Ie1f6fa5d12a473d353d84fd119c2430b638e8bcd
Signed-off-by: Antonio Quartulli
---
Changes from v1:
* beautify usage of buf with some
ver, this was not happening in
tls_crypt_v2_unwrap_client_key() thus leading to the assert being triggered.
Acked-by: Antonio Quartulli
---
src/openvpn/tls_crypt.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c
index 8882d5de0..4f22f8af7 100
Hi,
On 09/03/2023 13:13, Kristof Provost via Openvpn-devel wrote:
This should use BSTR(data) instead.
I copied Antonio’s code here, but that is better, so I’ll fix that too.
dang! with one email Arne spoiled two patches!
Cheers,
--
Antonio Quartulli
Hi,
On 09/03/2023 10:03, Kristof Provost wrote:
On 9 Mar 2023, at 9:57, Antonio Quartulli wrote:
On 09/03/2023 09:36, Kristof Provost wrote:
On 9 Mar 2023, at 1:52, Antonio Quartulli wrote:
In order to provide better support in case of troubleshooting issues,
it's important to know what
Hi,
On 09/03/2023 09:36, Kristof Provost wrote:
On 9 Mar 2023, at 1:52, Antonio Quartulli wrote:
In order to provide better support in case of troubleshooting issues,
it's important to know what exact DCO version is loaded on the user
system.
Therefore print the DCO version during bootup
with a follow-up patch.
For Linux we directly fetch the module version from /sys and print
something like:
DCO version: 0.1.20230206-15-g580608ec7c59
Cc: Lev Stipakov
Cc: Kristof Provost
Change-Id: Ie1f6fa5d12a473d353d84fd119c2430b638e8bcd
Signed-off-by: Antonio Quartulli
---
src/openvpn
was not there at all.
Under the hood DCO will redirect control packets to the transport socket
without altering them, so that userspace can happily process them as
usual.
Change-Id: Ia1297c3ae9a28b188ed21ad21ae96fff3d02ee4d
[l...@openvpn.net: ensure win_dco flag is still exposed]
Signed-off-by: Antonio Quartulli
30s). Avoid this situation by setting the socket to be
non-blocking, so we get a status in this case that allows us to continue.
Change-Id: I35447c23a9350176007df5455bf9451021e9856d
Signed-off-by: Arne Schwabe
Well spotted!
Acked-by: Antonio Quartulli
---
src/openvpn/dco_linux.c | 2 ++
1 f
Signed-off-by: Antonio Quartulli
---
As concluded on IRC, this version does what we want it to do.
We also quickly tested with some sample program to make sure we weren't
making this up.
src/openvpn/tls_crypt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/openvpn
not enough data in tls-crypt-v2 client key");
--
Antonio Quartulli
Hi,
On 03/03/2023 12:27, Antonio Quartulli wrote:
Hi,
On 03/03/2023 12:05, Kristof Provost via Openvpn-devel wrote:
From: Kristof Provost
FreeBSD's if_ovpn will never emit this as a peer deletion reason
(because it doesn't support TCP), but this allows us to align the
defines between Linux
EER_REASON_USERSPACE:
/* We assume that is ourselves. Unfortunately, sometimes these
--
Antonio Quartulli
With this change we extend the text exposed to people opening a bug in
the OpenVPN project.
Hopefully they will read and immediately understand that GH is not the
right place to report issues about commercial products.
Change-Id: Idd039612698a6b08f9544450885d1a5f77fd95c6
Signed-off-by: Antonio
only once, therefore
they won't cause the recursion to continue indefinitely.
Acked-by: Antonio Quartulli
---
src/openvpn/dco.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
index 3087a0df..b53332a8 100644
--- a/src/openvpn/dco.c
+++ b/src/ope
Hi,
On 20/02/2023 10:06, Lev Stipakov wrote:
From: Lev Stipakov
DCO doesn't support proxy and we already disable DCO
if proxy is set in profile.
Signed-off-by: Lev Stipakov
Acked-by: Antonio Quartulli
---
v2: use dco_enabled() helper function
src/openvpn/init.c | 6 ++
1 file
--
Antonio Quartulli
(shrug).
Acked-by: Antonio Quartulli
--
Antonio Quartulli
to
make people aware of the new dependency.
Signed-off-by: Frank Lichtenheld
Acked-by: Antonio Quartulli
--
Antonio Quartulli
DHCP server and
tap-windows6 driver is not used, print a clear error message
instead of obscure reference to --ip-win32.
Reported-by: Marek Zarychta
Signed-off-by: Lev Stipakov
Code makes sense and does what it says.
Acked-by: Antonio Quartulli
However, please note that I did not test this code
epresentation better when you want to print a
bitfield.
The fact we are using hex kinda tells me already that it's not the value
"3" that we care about.
And later it may become "10". Imho it just gets more confusing.
Cheers,
Tue 7 Feb 2023 at 15.36 Antonio Quar
def _WIN32
diff --git a/src/openvpn/tun.h b/src/openvpn/tun.h
index 3b0a0d24..e19e1a2e 100644
--- a/src/openvpn/tun.h
+++ b/src/openvpn/tun.h
@@ -62,6 +62,10 @@ enum windows_driver_type {
#define IPW32_SET_ADAPTIVE_DELAY_WINDOW 300
#define IPW32_SET_ADAPTIVE_TRY_NETSH20
+/* bit flags for DHCP options */
+#define DHCP_OPTIONS_DHCP_OPTIONAL (1<<0)
+#define DHCP_OPTIONS_DHCP_REQUIRED (1<<1)
+
struct tuntap_options {
/* --ip-win32 options */
bool ip_win32_defined;
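Review bot: the comment above the two new defines in this hunk only says "bit flags for DHCP options"; it does not name the field the flags are stored in or say whether DHCP_OPTIONS_DHCP_OPTIONAL and DHCP_OPTIONS_DHCP_REQUIRED may be set together. Please extend the comment to reference dhcp_options in struct tuntap_options and state the intended combinations.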
@@ -90,7 +94,7 @@ struct tuntap_options {
/* --dhcp-option options */
-bool dhcp_options;
+int dhcp_options;
const char *domain; /* DOMAIN (15) */
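Review bot: dhcp_options changes from bool to int to carry the new bit flags, so an unsigned int would be the safer type for a flag mask. Any existing code that assigns true to the field now silently sets DHCP_OPTIONS_DHCP_OPTIONAL (value 1), so every assignment and test of dhcp_options should be converted to the named flags in the same patch.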
--
Antonio Quartulli
The linux userspace API header has acquired the MIT license (check the
ovpn-dco repository for the related change), therefore we simply bring
this change in our local copy to ensure compliancy.
Signed-off-by: Antonio Quartulli
---
src/openvpn/ovpn_dco_linux.h | 2 +-
1 file changed, 1 insertion
, for now it makes sense to extend the userspace
buffer in order to decrease the likelihood of filling it up during
normal operations.
Therefore this patch gets my ACK:
Acked-by: Antonio Quartulli
[please add spaces around the '*' operator]
---
src/openvpn/dco_linux.c | 5 +
1 file
t is flexible enough to prevent this from
happening in the future.
There are some floating ideas.
Anyway, the discussion will continue in the other thread.
Regarding this patch:
Acked-by: Antonio Quartulli
Maybe we need a fbsd14 buildbot?
Cheers,
Hi,
On 13/01/2023 09:44, Gert Doering wrote:
Hi,
On Fri, Jan 13, 2023 at 09:37:49AM +0100, Antonio Quartulli wrote:
On 13/01/2023 09:32, Kristof Provost wrote:
I'm not sure how we'd cope with supporting building on older releases
though. Not a worry just yet, because FreeBSD main
;| version of the if_ovpn.h file, no?
So as long as the file contains all the enums it will compile just fine.
Cheers,
--
Antonio Quartulli
Hi,
for the netlink/sitnl bits: this makes sense to me.
I agree with Selva that the v6 variant could benefit from the same
treatment.
However, this patch can also be hacked on its own
Acked-by: Antonio Quartulli
On 11/01/2023 17:08, Gert Doering wrote:
The code in sitnl_route_set() used
When a peer is removed with reason "ping expire", we should kill the
instance with SIGUSR1 and not SIGTERM
Cc: Arne Schwabe
Signed-off-by: Antonio Quartulli
--
Arne, I am not 100% sure why but it seems for ping-restart we always use
SIGUSR1, right? but the DCO handling code was
Signed-off-by: Antonio Quartulli
---
--no-verify is required upon commit due to changes in ovpn_dco_linux.h
Little logging improvement for https://github.com/OpenVPN/ovpn-dco/issues/9
---
src/openvpn/multi.c | 4
src/openvpn/ovpn_dco_linux.h | 5 +++--
2 files changed, 7
{
/* Something bad happened. Kill the connection to
Rest looks good. Thanks!
Acked-by: Antonio Quartulli
However, as discussed on IRC: *why* are we running the check_tls code is
the peer has gone away and we have switched the peer-id to -1?
This is the real questi
While at it also improve the debug message itself
to be more self-explanatory.
Signed-off-by: Antonio Quartulli
---
src/openvpn/multi.c | 13 +
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index b10a6d8d..8facc66f 100644
no
message was truly delivered by DCO.
Currently this can be verified by checking that the peed_is is greater
than -1.
Signed-off-by: Antonio Quartulli
---
src/openvpn/multi.c | 10 +-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
inde
After processing a message, all fields of the dco object should be
re-initialized so that future processings are not affected by stale
values.
This includes dco_del_peer_reason.
Since its values can start at 0, re-initialize it with -1.
Signed-off-by: Antonio Quartulli
---
src/openvpn/multi.c
some statistics, and room for improvements :-)
Yeah, this was the best course of action in my opinion as well.
Cheers,
--
Antonio Quartulli
stats.
This way we don't mix up the logic of counting the bytes per peer, and
keeping a general picture of the VPN process.
Cheers,
--
Antonio Quartulli
emoteaddr, );
+}
+msg(D_DCO_DEBUG, "%s: peer-id %d, fd %d, remote addr: %s", __func__,
+peerid, sd, remotestr);
+
struct nl_msg *nl_msg = ovpn_dco_nlmsg_create(dco, OVPN_CMD_NEW_PEER);
struct nlattr *attr = nla_nest_start(nl_msg, OVPN_ATTR_NEW_PEER);
in
when they may happen
Still, this is a rant for another patch/cleanup.
This patch makes sense
Acked-by: Antonio Quartulli
---
src/openvpn/dco.c | 14 +-
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
index 36bfbf10a..20196f
Schwabe
This makes sense to me.
We didn't do that earlier because we weren't sure about what to do in
this case, but issuing USR1 and bailing out is actually sensible.
Acked-by: Antonio Quartulli
---
src/openvpn/dco.c | 15 ---
src/openvpn/dco.h | 9 ++---
src
.
Introduce a dco_(read|write)_bytes so that we don't clobber the existing
statistics, which still count control packets, sent or received directly
through the socket.
Signed-off-by: Kristof Provost
Acked-by: Antonio Quartulli
---
src/openvpn/dco.h | 8
src/openvpn/dco_freebsd.c
Hi,
On 13/12/2022 05:46, Gert Doering wrote:
Hi,
On Mon, Dec 12, 2022 at 09:53:36PM +0100, Antonio Quartulli wrote:
On 05/12/2022 17:41, Kristof Provost via Openvpn-devel wrote:
[cut]
+int
+dco_get_peer_stats(dco_context_t *dco, struct multi_context *m)
+{
+
+struct ifdrv drv
sible attributes?
This way, if we want to retrieve another attribute in the future, this
attribute will already be delivered by the same API, without the need to
implement a new command each time.
Cheers,
--
Antonio Quartulli
am late to the party - but still wanted to give my virtual ACK
Acked-by: Antonio Quartulli
Thanks for cleaning after my half baked fix!
Cheers,
--
Antonio Quartulli
P2P mode with pre-shared key is deprecated, unsecure and should NOT be
used. This said we still carry it around for a bit and we have to make
sure it does not fight with DCO.
Disable DCO at all when --secret is specified.
Signed-off-by: Antonio Quartulli
---
src/openvpn/dco.c | 6 ++
1
userspace
socket in that case.
Patch v2: fix windows code path
Signed-off-by: Arne Schwabe
I couldn't test this patch extensively, but it looks good to me.
This basically completes what I discussed with Arne some weeks ago.
Acked-by: Antonio Quartulli
However, please ensure to get this patch
Hi,
On 16/11/2022 01:54, Arne Schwabe wrote:
Without the == it is enough if any of the bits EARLY_NEG_START is set
(0xf0), we want them all to be set. If EARLY_NEG_START were a
flag/single bit, you would be right.
Ouch, I indeed assumed it was 1 bit only..
Cheers,
--
Antonio Quartulli
nts that support early negotiation and tls-crypt are assumed
* to also support resending the WKc in the 2nd packet */
--
Antonio Quartulli
ext is much better than before.
After ironing out some details in v2 it got even clearer.
I see no reason why it should not be merged in this form.
Should somebody not feel it's 100% clear, a follow-up patch can always
be sent to improve the text even more.
Acked-by: Antonio Quartulli
---
When closing the tunnel interface we know if we were using DCO or not.
For this reason we can customize the closing message and make it
consistent with the opening one.
Signed-off-by: Antonio Quartulli
---
Changes from v1:
* use ternary if instead of full blown if block
---
src/openvpn/init.c
the openvpn-dev feed for openwrt?
(https://github.com/OpenVPN/openvpn-dev-openwrt)
Cheers,
--
Antonio Quartulli
f(LINUX_VERSION_CODE < KERNEL_VERSION(5,19,0))
netif_tx_napi_add(ovpn->dev, >napi, ovpn_napi_poll,
NAPI_POLL_WEIGHT);
+#else
+ netif_napi_add_tx(ovpn->dev, >napi, ovpn_napi_poll);
+#endif
napi_enable(>napi);
dev_h
Hi,
On 19/09/2022 17:35, Antonio Quartulli wrote:
In P2P mode when the peer reconnects we have to renew the state in DCO
in order to inform it about the new peer-id.
Cc: Arne Schwabe
Signed-off-by: Antonio Quartulli
---
Changes from v1:
* remove useless arguments from tls_multi_process
FAICS, just the if() here is weird)
Using -1 makes sense, because 0 is a valid peer ID. I presume just that
if () is wrong.
Cheers,
gert
t to go the clean way, we should use strlen() == 0, but I
understand that may be overkill]
my 3 cents.
Cheers,
{
multi->locked_username = string_alloc(username, NULL);
}
--
Antonio Quartulli
1 - 100 of 1325 matches