Re: [Openvpn-devel] [PATCH] TAP driver for Solaris patch
On 30/10/10 21:15, Gert Doering wrote:
> Hi,
>
> back to the list after some private e-mails...
>
> On Fri, Oct 29, 2010 at 02:25:54PM +0200, Gert Doering wrote:
>> On Mon, Sep 06, 2010 at 11:13:09PM +0900, Kazuyoshi Aizawa wrote:
>>> I attached a patch for OpenVPN 2.1.3 to support TAP driver for Solaris.
>>> Also, you can find the patch as well as TAP driver here.
>>> http://www.whiteboard.ne.jp/~admin2/tuntap/
>>
>> One oddity remains: "--mode tun" + "--topology subnet" (not using
>> point-to-point but "broadcast" tun interfaces) does not work. I'm not
>> sure whether this is a known limitation of the Solaris tun drivers, or
>> of the way we currently access the interface - but it would be great
>> if that could be made to work - it's part of my set of regression tests...
>> (this is *not* a problem introduced by your patch, it does not work for
>> stock 2.2-beta3 either).
>
> This works now, thanks to Kazuyoshi-san figuring out how to do "ifconfig"
> in this case, and for adding the metric setting on Solaris.
>
> I have patched 2.2-beta3 with the patch appended below, and successfully
> tested the following cases on OpenSolaris/i386:
>
> - point-to-multipoint tun via UDP and TCP, "topology net30"
> - point-to-multipoint tun "topology subnet" (*new*)
> - point-to-multipoint tap (*new*)
>
> all test cases pass, including fragmented large packets (fping). I have
> appended OpenVPN.log files for "topology subnet" and "tap" cases.
>
> Since it works on OpenSolaris, doesn't break existing functionality, and
> does not touch code for other platforms at all, I'd consider this a
> useful addition to OpenVPN 2.2. ACK from me for Kazuyoshi-san's changes,
> and if someone else would want to review and ACK this for "obvious"
> errors (mem leakage, etc), you're welcome, of course.
>
> David: patches below for integration into the "2.2beta" branch.
>
> gert

Applied to the feat_misc branch, to be merged into allmerged and beta2.2.
The ACK came privately to Gert and I got a private forward of that ACK.

commit f0eac1a5979096c671b3674f9d80871f496d1da8
Author: Gert Doering
Date: Sat Oct 30 21:03:16 2010 +0200

    Make "topology subnet" work on Solaris
    (ifconfig + route metric changes by Kazuyoshi Aizawa,
    adding of local "connected subnet" route by me)

    Tested on OpenSolaris/i386, no impact for other TARGETs.

    Signed-off-by: Gert Doering
    Acked-by: Kazuyoshi Aizawa
    Signed-off-by: David Sommerseth

commit 121755c2cb4891f8963ebcab5d61bc09dadf457c
Author: Gert Doering
Date: Fri Oct 29 17:41:53 2010 +0200

    Integrate support for TAP mode on Solaris, written by Kazuyoshi Aizawa.

    See also http://www.whiteboard.ne.jp/~admin2/tuntap/

    Signed-off-by: Gert Doering
    Acked-by: Kazuyoshi Aizawa
    Signed-off-by: David Sommerseth

kind regards,

David Sommerseth
Re: [Openvpn-devel] [PATCH] Socks5 username/password authentication support
On 11/10/10 00:56, Pierre Bourdon wrote:
> Hello,
>
> This patch adds support for SOCKS plain text (username/password)
> authentication as described in RFC 1929. It adds an optional third
> parameter to the socks-proxy option, which is a file containing the
> login credentials.
>
> I submitted this patch on the Trac (#62) two days ago, but cron2 asked
> me to send it here too. It is my first contribution to the OpenVPN
> project so this patch will probably need to be reworked a bit :) .
>
> I've been using this patch for two weeks now and it does not seem to
> cause any problem. The only modifications are in the SOCKS handshake
> handling and the options parser.
>
> Signed-Off-By: Pierre Bourdon

Applied to feat_misc, to be merged into allmerged and beta2.2

commit fc1fa9ffc7e3356458ec38d43816e5ddeb0c580a
Author: Pierre Bourdon
Date: Mon Oct 11 00:56:04 2010 +0200

kind regards,

David Sommerseth
Re: [Openvpn-devel] [PATCH] Removed hardcoded signtool dependency from win/build_all.py
Hi,

On Fri, Nov 12, 2010 at 05:50:19PM +0100, David Sommerseth wrote:
> If I've understood it correctly, this is related to signing the Windows
> TUN/TAP driver. So if you don't have a signing key/tool available, it
> is still possible to build the rest of OpenVPN. You might even manage
> to install the unsigned TUN/TAP driver with some tweaking.

Isn't the openvpn.exe signed as well?

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
Re: [Openvpn-devel] [PATCH] Removed hardcoded signtool dependency from win/build_all.py
Samuli Seppänen wrote:
> Peter: settings.in is stored in git.

Ok.

> I agree that there should be no way one could make an unsigned build by
> mistake. I think dazo's suggestion about having a command-line switch
> ("force unsigned build") is a good one. The SIGNTOOL variable could then
> be used to just locate signtool.exe and nothing else. This would make it
> behave the same way as most other variables in "settings.in" and allow
> making signed and unsigned builds using the same configuration file.

Acked-by: Peter Stuge
Re: [Openvpn-devel] [PATCH] Removed hardcoded signtool dependency from win/build_all.py
> > What if build_all.py did this:
> >
> > - Check if SIGNTOOL is enabled in settings.in:
> >   - Yes: fail if can't import "sign" module
> >   - No: don't fail if can't import "sign" module
> >
> > I think existence of the SIGNTOOL variable gives a good clue of user's
> > intentions. Note that the build will also fail if SIGNTOOL is defined
> > and signtool.exe is not copied to the correct place
> > (../signtool/signtool.exe).
> >
> That's fine ... but what Peter raises as a concern, which I do agree to,
> is that if James' build system is changed and the driver is not signed,
> earlier this would cause a halt in the building process. With your
> patch, OpenVPN + the driver will be built and not signed.
>
> So it's just to catch that "yes, we want to do a build without signing
> the driver" and to really sign-off that explicitly when doing the build.
> As James should never do a release build without signing the driver.

Peter: settings.in is stored in git.

I agree that there should be no way one could make an unsigned build by
mistake. I think dazo's suggestion about having a command-line switch
("force unsigned build") is a good one. The SIGNTOOL variable could then
be used to just locate signtool.exe and nothing else. This would make it
behave the same way as most other variables in "settings.in" and allow
making signed and unsigned builds using the same configuration file.

Samuli
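The build policy proposed in the message above (signing is mandatory unless an unsigned build is explicitly requested, and SIGNTOOL only locates signtool.exe), as an added example that is not part of the thread or of OpenVPN's build scripts. The `--unsigned` switch name, the function names and the sample settings text are assumptions, and the code targets Python 3.

```python
import argparse
import os
import re
import sys

# Constructed sample in the "!define NAME value" style quoted from win/settings.in.
SAMPLE_SETTINGS = """\
# Code Signing.
!define SIGNTOOL "../signtool"
!define PRODUCT_SIGN_CN "openvpn"
"""

DEFINE_RE = re.compile(r'^\s*!define\s+(\w+)\s*(.*?)\s*$')


class SigningError(Exception):
    """A build that must be signed cannot be signed."""


def parse_settings(text):
    """Return {NAME: value} for each '!define' line; other lines are ignored."""
    defines = {}
    for line in text.splitlines():
        match = DEFINE_RE.match(line)
        if match:
            defines[match.group(1)] = match.group(2).strip('"')
    return defines


def load_sign_main():
    """Import the optional sign module. Only the import is guarded, so an
    error raised later while signing is never mistaken for 'not installed'."""
    try:
        from sign import main
    except ImportError:
        return None
    return main


def plan_signing(defines, force_unsigned, sign_main, exists=os.path.isfile):
    """Return 'sign' or 'unsigned'; raise SigningError rather than silently
    producing an unsigned build."""
    if force_unsigned:
        return 'unsigned'  # explicit, per-invocation decision by the builder
    if sign_main is None:
        raise SigningError('sign module not importable')
    tool_dir = defines.get('SIGNTOOL')
    if not tool_dir:
        raise SigningError('SIGNTOOL is not defined in settings.in')
    tool = os.path.join(tool_dir, 'signtool.exe')
    if not exists(tool):
        raise SigningError('signtool.exe not found at ' + tool)
    return 'sign'


def main(argv):
    parser = argparse.ArgumentParser()
    # Hypothetical switch name for the "force unsigned build" idea.
    parser.add_argument('--unsigned', action='store_true')
    args = parser.parse_args(argv)
    try:
        plan = plan_signing(parse_settings(SAMPLE_SETTINGS), args.unsigned,
                            load_sign_main())
    except SigningError as err:
        print('build aborted: %s' % err, file=sys.stderr)
        return 1
    print('signing plan: %s' % plan)
    return 0


if __name__ == '__main__':
    sys.exit(main(sys.argv[1:]))
```
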
Re: [Openvpn-devel] [PATCH] Removed hardcoded signtool dependency from win/build_all.py
On 12/11/10 18:11, Samuli Seppänen wrote:
>
>> On 12/11/10 17:55, Peter Stuge wrote:
>>> David Sommerseth wrote:
>>>>>> Modified win/build_all.py so that build does not fail even if
>>>>>> the optional signtool python class is not available.
>>>>> What is it needed for? Is it really *always* optional?
>>>> If I've understood it correctly, this is related to signing the
>>>> Windows TUN/TAP driver.
>>> Right.
>>>
>>>> So if you don't have a signing key/tool available, it is still
>>>> possible to build the rest of OpenVPN.
>>> Fine, but this is not really acceptable when James builds OpenVPN,
>>> so I am requesting a solution that allows them to specify to the
>>> build process that they want a fatal error if signing is not
>>> possible.
>>
>> That's a good point! I didn't think about this one.
>>
>> What about that the build script stops up and asks if it should continue
>> without signing? And in addition having a command line argument
>> accepting building without signing? This latter one is more useful for
>> automated community builds of the allmerged branch from
>> openvpn-testing.git.
>>
>>
>> kind regards,
>>
>> David Sommerseth
> What if build_all.py did this:
>
> - Check if SIGNTOOL is enabled in settings.in:
>   - Yes: fail if can't import "sign" module
>   - No: don't fail if can't import "sign" module
>
> I think existence of the SIGNTOOL variable gives a good clue of user's
> intentions. Note that the build will also fail if SIGNTOOL is defined
> and signtool.exe is not copied to the correct place
> (../signtool/signtool.exe).
>

That's fine ... but what Peter raises as a concern, which I do agree to,
is that if James' build system is changed and the driver is not signed,
earlier this would cause a halt in the building process. With your
patch, OpenVPN + the driver will be built and not signed.

So it's just to catch that "yes, we want to do a build without signing
the driver" and to really sign-off that explicitly when doing the build.
As James should never do a release build without signing the driver.

kind regards,

David Sommerseth
Re: [Openvpn-devel] [PATCH] Removed hardcoded signtool dependency from win/build_all.py
Samuli Seppänen wrote:
> What if build_all.py did this:
>
> - Check if SIGNTOOL is enabled in settings.in:
>   - Yes: fail if can't import "sign" module
>   - No: don't fail if can't import "sign" module

This also sounds good.

(Who typically creates settings.in? Is one in git?)

//Peter
Re: [Openvpn-devel] [PATCH] Removed hardcoded signtool dependency from win/build_all.py
On 12/11/10 17:55, Peter Stuge wrote:
> David Sommerseth wrote:
>>>> Modified win/build_all.py so that build does not fail even if
>>>> the optional signtool python class is not available.
>>>
>>> What is it needed for? Is it really *always* optional?
>>
>> If I've understood it correctly, this is related to signing the Windows
>> TUN/TAP driver.
>
> Right.
>
>
>> So if you don't have a signing key/tool available, it is still
>> possible to build the rest of OpenVPN.
>
> Fine, but this is not really acceptable when James builds OpenVPN,
> so I am requesting a solution that allows them to specify to the
> build process that they want a fatal error if signing is not
> possible.

That's a good point! I didn't think about this one.

What about that the build script stops up and asks if it should continue
without signing? And in addition having a command line argument
accepting building without signing? This latter one is more useful for
automated community builds of the allmerged branch from
openvpn-testing.git.

kind regards,

David Sommerseth
Re: [Openvpn-devel] [PATCH] Removed hardcoded signtool dependency from win/build_all.py
David Sommerseth wrote:
> >> Modified win/build_all.py so that build does not fail even if
> >> the optional signtool python class is not available.
> >
> > What is it needed for? Is it really *always* optional?
>
> If I've understood it correctly, this is related to signing the Windows
> TUN/TAP driver.

Right.

> So if you don't have a signing key/tool available, it is still
> possible to build the rest of OpenVPN.

Fine, but this is not really acceptable when James builds OpenVPN,
so I am requesting a solution that allows them to specify to the
build process that they want a fatal error if signing is not
possible.

//Peter
Re: [Openvpn-devel] [PATCH] Removed hardcoded signtool dependency from win/build_all.py
> Samuli Seppänen wrote:
>
>> From 57b983dc2a1f4a31d3b7c0e2f6de7f778d234b2e Mon Sep 17 00:00:00 2001
>> From: =?utf-8?q?Samuli=20Sepp=C3=A4nen?=
>> Date: Fri, 12 Nov 2010 17:32:19 +0200
>> Subject: [PATCH] Removed hardcoded signtool dependency from win/build_all.py
>>
>> Modified win/build_all.py so that build does not fail even if the optional
>> signtool python class is not available.
>>
>
> What is it needed for? Is it really *always* optional? Maybe some
> setting or parameter to the script so that build can fail e.g. at
> openvpn.net if building, where signing should always be done?
>
>
> //Peter
>

As far as I know driver signing is supposed to be optional. From
"win/settings.in":

  # Code Signing.
  # If undefined, don't sign any files.
  !define SIGNTOOL "../signtool"
  !define PRODUCT_SIGN_CN "openvpn"

This "settings.in" contains many other variables used by the
Python-based build system. Looking at the comments one would think that
simply disabling the SIGNTOOL variable would allow non-signed builds.
This is not the case, hence the patch.

I'm as open as it gets to suggestions how to make the patch better,
though :).

--
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc
irc freenode net: mattock
Re: [Openvpn-devel] [PATCH] Removed hardcoded signtool dependency from win/build_all.py
On 12/11/10 17:36, Peter Stuge wrote:
> Samuli Seppänen wrote:
>> From 57b983dc2a1f4a31d3b7c0e2f6de7f778d234b2e Mon Sep 17 00:00:00 2001
>> From: =?utf-8?q?Samuli=20Sepp=C3=A4nen?=
>> Date: Fri, 12 Nov 2010 17:32:19 +0200
>> Subject: [PATCH] Removed hardcoded signtool dependency from win/build_all.py
>>
>> Modified win/build_all.py so that build does not fail even if the optional
>> signtool python class is not available.
>
> What is it needed for? Is it really *always* optional? Maybe some
> setting or parameter to the script so that build can fail e.g. at
> openvpn.net if building, where signing should always be done?

If I've understood it correctly, this is related to signing the Windows
TUN/TAP driver. So if you don't have a signing key/tool available, it is
still possible to build the rest of OpenVPN. You might even manage to
install the unsigned TUN/TAP driver with some tweaking.

kind regards,

David Sommerseth
Re: [Openvpn-devel] [PATCH] Removed hardcoded signtool dependency from win/build_all.py
Samuli Seppänen wrote:
> From 57b983dc2a1f4a31d3b7c0e2f6de7f778d234b2e Mon Sep 17 00:00:00 2001
> From: =?utf-8?q?Samuli=20Sepp=C3=A4nen?=
> Date: Fri, 12 Nov 2010 17:32:19 +0200
> Subject: [PATCH] Removed hardcoded signtool dependency from win/build_all.py
>
> Modified win/build_all.py so that build does not fail even if the optional
> signtool python class is not available.

What is it needed for? Is it really *always* optional? Maybe some
setting or parameter to the script so that build can fail e.g. at
openvpn.net if building, where signing should always be done?

//Peter
Re: [Openvpn-devel] [PATCH] Removed hardcoded sign module dependency from win/build_all.py
Second version of the patch. As suggested by dazo I added printing of an informational message if the sign module is not found. Also fixed a few typos (signtool -> sign). From a6321a47b0d4341700ad226a8b6c9abcba2052a9 Mon Sep 17 00:00:00 2001 From: =?utf-8?q?Samuli=20Sepp=C3=A4nen?=Date: Fri, 12 Nov 2010 18:31:23 +0200 Subject: [PATCH] Removed hardcoded sign module dependency from win/build_all.py Modified win/build_all.py so that build does not fail even if the optional sign python module is not available. --- win/build_all.py | 10 -- 1 files changed, 8 insertions(+), 2 deletions(-) diff --git a/win/build_all.py b/win/build_all.py index 92d2bf4..709e060 100644 --- a/win/build_all.py +++ b/win/build_all.py @@ -1,7 +1,6 @@ from config_all import main as config_all from build import main as build_openvpn from build_ddk import main as build_ddk -from sign import main as sign from make_dist import main as make_dist def main(config): @@ -9,7 +8,14 @@ def main(config): build_openvpn() build_ddk(config, 'tap', 'all') build_ddk(config, 'tapinstall', 'all') -sign(config, 'all') + +# Sign the drivers only if "sign" module is available +try: + from sign import main as sign + sign(config, 'all') +except (ImportError): + print "Sign module not found: drivers won't get signed." + make_dist(config) # if we are run directly, and not loaded as a module -- 1.6.3.3
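Review bot: in the second hunk the try block encloses the call sign(config, 'all') as well as the import, so an ImportError raised while the sign module is running is caught by "except (ImportError)" and reported as "Sign module not found". Keep only "from sign import main as sign" inside the try and make the call in an else branch. After the print, make_dist(config) still runs and the build completes normally with unsigned drivers, so a release build can lose signing without failing; take this path only when an unsigned build was explicitly requested (a setting or a command-line switch) and exit with an error otherwise.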
Re: [Openvpn-devel] [PATCH] Added check for variable CONFIGURE_DEFINES into options.c
Samuli Seppänen wrote:
> >From 327d6c66fff6962a96f86110dc91b1dad07ca224 Mon Sep 17 00:00:00 2001
> From: =?utf-8?q?Samuli=20Sepp=C3=A4nen?=
> Date: Fri, 12 Nov 2010 17:30:07 +0200
> Subject: [PATCH] Added check for variable CONFIGURE_DEFINES into options.c
>
> The file containing CONFIGURE_DEFINES variable, configure.h, is not present if
> openvpn is built using the Python + Visual C -based buildsystem. This causes the
> build to fail. This patch adds a check to see if variable exists before trying
> to use it.

Acked-by: Peter Stuge
[Openvpn-devel] [PATCH] Removed hardcoded signtool dependency from win/build_all.py
From 57b983dc2a1f4a31d3b7c0e2f6de7f778d234b2e Mon Sep 17 00:00:00 2001 From: =?utf-8?q?Samuli=20Sepp=C3=A4nen?=Date: Fri, 12 Nov 2010 17:32:19 +0200 Subject: [PATCH] Removed hardcoded signtool dependency from win/build_all.py Modified win/build_all.py so that build does not fail even if the optional signtool python class is not available. --- win/build_all.py | 10 -- 1 files changed, 8 insertions(+), 2 deletions(-) diff --git a/win/build_all.py b/win/build_all.py index 92d2bf4..38c1645 100644 --- a/win/build_all.py +++ b/win/build_all.py @@ -1,7 +1,6 @@ from config_all import main as config_all from build import main as build_openvpn from build_ddk import main as build_ddk -from sign import main as sign from make_dist import main as make_dist def main(config): @@ -9,7 +8,14 @@ def main(config): build_openvpn() build_ddk(config, 'tap', 'all') build_ddk(config, 'tapinstall', 'all') -sign(config, 'all') + +# Sign the drivers only if "sign" module is available +try: + from sign import main as sign + sign(config, 'all') +except (ImportError): + pass + make_dist(config) # if we are run directly, and not loaded as a module -- 1.6.3.3
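Review bot: "except (ImportError): pass" in the second hunk skips signing with no output at all, so nothing in the build log shows that the drivers were left unsigned before make_dist(config) packages them. At minimum print a message in the handler; better, treat a missing sign module as fatal unless the builder has explicitly asked for an unsigned build. The try block also encloses sign(config, 'all'), so an ImportError raised during signing is swallowed the same way; limit the try to the import statement.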
[Openvpn-devel] [PATCH] Added check for variable CONFIGURE_DEFINES into options.c
>From 327d6c66fff6962a96f86110dc91b1dad07ca224 Mon Sep 17 00:00:00 2001 From: =?utf-8?q?Samuli=20Sepp=C3=A4nen?=List-Post: openvpn-devel@lists.sourceforge.net Date: Fri, 12 Nov 2010 17:30:07 +0200 Subject: [PATCH] Added check for variable CONFIGURE_DEFINES into options.c The file containing CONFIGURE_DEFINES variable, configure.h, is not present if openvpn is built using the Python + Visual C -based buildsystem. This causes the build to fail. This patch adds a check to see if variable exists before trying to use it. --- options.c |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/options.c b/options.c index 717c5d7..29243f6 100644 --- a/options.c +++ b/options.c @@ -2929,8 +2929,10 @@ usage_version (void) #ifdef CONFIGURE_CALL msg (M_INFO|M_NOPREFIX, "\n%s\n", CONFIGURE_CALL); #endif +#ifdef CONFIGURE_DEFINES msg (M_INFO|M_NOPREFIX, "Compile time defines: %s", CONFIGURE_DEFINES); #endif +#endif openvpn_exit (OPENVPN_EXIT_STATUS_USAGE); /* exit point */ } -- 1.6.3.3
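Review bot: in the usage_version hunk the new "#ifdef CONFIGURE_DEFINES" is closed by the "#endif" that was already there, and the added "+#endif" now closes a conditional that opens above the visible context, which makes the nesting hard to follow from the diff. Annotate the closers, for example "#endif /* CONFIGURE_DEFINES */", and mark the outer one the same way. The commit message could also say that builds without configure.h simply omit the "Compile time defines" line from the version output.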
Re: [Openvpn-devel] Architecture diagram & Theory of Operation documents
> Jan Just Keijser wrote:
>
>> PS I am not directly involved in the development of openvpn :)
>>
>
> Actually I think you are! Because you have at the very least
> contributed information about bugs that you have encountered,
> which might not have been discovered otherwise.
>
> Writing code is not the only way to participate in development.
>
> Testing and bug reports are also very much critical if you ask me.
>

So true. Thanks to JJK + every single non-developer who's nevertheless
involved directly in openvpn development :). Keep up the good work guys!

--
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc
irc freenode net: mattock
Re: [Openvpn-devel] Architecture diagram & Theory of Operation documents
Hi,

On Fri, Nov 12, 2010 at 10:18:26AM +0100, Jan Just Keijser wrote:
> PS I am not directly involved in the development of openvpn :)

Please do get involved more :-) - you seem to have a knack for finding
sore spots, we need that.

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de