Re: [Openvpn-devel] [PATCH] TAP driver for Solaris patch

2010-11-12 Thread David Sommerseth

On 30/10/10 21:15, Gert Doering wrote:
> Hi,
> 
> back to the list after some private e-mails...
> 
> On Fri, Oct 29, 2010 at 02:25:54PM +0200, Gert Doering wrote:
>> On Mon, Sep 06, 2010 at 11:13:09PM +0900, Kazuyoshi Aizawa wrote:
>>> I attached a patch for OpenVPN 2.1.3 to support TAP driver for Solaris.
>>> Also, you can find the patch as well as TAP driver here.
>>>  http://www.whiteboard.ne.jp/~admin2/tuntap/
>>
>> One oddity remains: "--mode tun" + "--topology subnet" (not using 
>> point-to-point but "broadcast" tun interfaces) does not work.  I'm not 
>> sure whether this is a known limitation of the Solaris tun drivers, or 
>> of the way we currently access the interface - but it would be great 
>> if that could be made to work - it's part of my set of regression tests...
>> (this is *not* a problem introduced by your patch, it does not work for 
>> stock 2.2-beta3 either).
> 
> This works now, thanks to Kazuyoshi-san figuring out how to do "ifconfig"
> in this case, and for adding the metric setting on Solaris.
> 
> I have patched 2.2-beta3 with the patch appended below, and successfully
> tested the following cases on OpenSolaris/i386:
> 
>   - point-to-multipoint tun via UDP and TCP, "topology net30"
>   - point-to-multipoint tun "topology subnet" (*new*)
>   - point-to-multipoint tap (*new*)
> 
> all test cases pass, including fragmented large packets (fping).  I have
> appended OpenVPN.log files for "topology subnet" and "tap" cases.
> 
> Since it works on OpenSolaris, doesn't break existing functionality, and
> does not touch code for other platforms at all, I'd consider this a 
> useful addition to OpenVPN 2.2.  ACK from me for Kazuyoshi-san's changes,
> and if someone else would want to review and ACK this for "obvious" 
> errors (mem leakage, etc), you're welcome, of course.
> 
> David: patches below for integration into the "2.2beta" branch.
> 
> gert

Applied to the feat_misc branch, to be merged into allmerged and
beta2.2.  The ACK came privately to Gert and I got a private forward of
that ACK.


commit f0eac1a5979096c671b3674f9d80871f496d1da8
Author: Gert Doering 
Date:   Sat Oct 30 21:03:16 2010 +0200

Make "topology subnet" work on Solaris (ifconfig + route metric
changes by Kazuyoshi Aizawa, adding of local "connected subnet" route by me)

Tested on OpenSolaris/i386, no impact for other TARGETs.

Signed-off-by: Gert Doering 
Acked-by: Kazuyoshi Aizawa 
Signed-off-by: David Sommerseth 

commit 121755c2cb4891f8963ebcab5d61bc09dadf457c
Author: Gert Doering 
Date:   Fri Oct 29 17:41:53 2010 +0200

Integrate support for TAP mode on Solaris, written by Kazuyoshi
Aizawa .

See also http://www.whiteboard.ne.jp/~admin2/tuntap/

Signed-off-by: Gert Doering 
Acked-by: Kazuyoshi Aizawa 
Signed-off-by: David Sommerseth 



kind regards,

David Sommerseth



Re: [Openvpn-devel] [PATCH] Socks5 username/password authentication support

2010-11-12 Thread David Sommerseth

On 11/10/10 00:56, Pierre Bourdon wrote:
> Hello,
> 
> This patch adds support for SOCKS plain text (username/password)
> authentication as described in RFC 1929. It adds an optional third
> parameter to the socks-proxy option, which is a file containing the
> login credentials.
> 
> I submitted this patch on the Trac (#62) two days ago, but cron2 asked
> me to send it here too. It is my first contribution to the OpenVPN
> project so this patch will probably need to be reworked a bit :) .
> 
> I've been using this patch for two weeks now and it does not seem to
> cause any problem. The only modifications are in the SOCKS handshake
> handling and the options parser.
> 
> Signed-Off-By: Pierre Bourdon 

Applied to feat_misc, to be merged into allmerged and beta2.2

commit fc1fa9ffc7e3356458ec38d43816e5ddeb0c580a
Author: Pierre Bourdon 
Date: Mon Oct 11 00:56:04 2010 +0200


kind regards,

David Sommerseth





Re: [Openvpn-devel] [PATCH] Removed hardcoded signtool dependency from win/build_all.py

2010-11-12 Thread Gert Doering
Hi,

On Fri, Nov 12, 2010 at 05:50:19PM +0100, David Sommerseth wrote:
> If I've understood it correctly, this is related to signing the Windows
> TUN/TAP driver.  So if you don't have a signing key/tool available, it
> is still possible to build the rest of OpenVPN.  You might even manage
> to install the unsigned TUN/TAP driver with some tweaking.

Isn't the openvpn.exe signed as well?

gert
-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025  g...@net.informatik.tu-muenchen.de




Re: [Openvpn-devel] [PATCH] Removed hardcoded signtool dependency from win/build_all.py

2010-11-12 Thread Peter Stuge
Samuli Seppänen wrote:
> Peter: settings.in is stored in git.

Ok.


> I agree that there should be no way one could make an unsigned build by
> mistake. I think dazo's suggestion about having a command-line switch
> ("force unsigned build") is a good one. The SIGNTOOL variable could then
> be used to just locate signtool.exe and nothing else. This would make it
> behave the same way as most other variables in "settings.in" and allow
> making signed and unsigned builds using the same configuration file.

Acked-by: Peter Stuge 



Re: [Openvpn-devel] [PATCH] Removed hardcoded signtool dependency from win/build_all.py

2010-11-12 Thread Samuli Seppänen

> > What if build_all.py did this:
>
> > - Check if SIGNTOOL is enabled in settings.in:
> >   - Yes: fail if can't import "sign" module
> >   - No: don't fail if can't import "sign" module
>
> > I think existence of the SIGNTOOL variable gives a good clue of user's
> > intentions. Note that the build will also fail if SIGNTOOL is defined
> > and signtool.exe is not copied to the correct place
> > (../signtool/signtool.exe).
>
>
> That's fine ... but what Peter raises as a concern, which I do agree to,
> is that if James' build system is changed and the driver is not signed,
> earlier this would cause to a halt in the building process.  With your
> patch, OpenVPN + the driver will be built and not signed.
>
> So it's just to catch that "yes, we want to do a build without signing
> the driver" and to really sign-off that explicitly when doing the build.
>  As James' should never do a release build without signing the driver.

Peter: settings.in is stored in git.

I agree that there should be no way one could make an unsigned build by
mistake. I think dazo's suggestion about having a command-line switch
("force unsigned build") is a good one. The SIGNTOOL variable could then
be used to just locate signtool.exe and nothing else. This would make it
behave the same way as most other variables in "settings.in" and allow
making signed and unsigned builds using the same configuration file.

Samuli
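
The policy this thread converges on (SIGNTOOL only locates the tool, and an unsigned build needs an explicit switch), sketched as an added example; it is not code from the patch or from OpenVPN's build system. The `--unsigned` switch name, the `load_signer` hook and the step names are hypothetical, and the settings text is a constructed sample.

```python
import re

# Constructed sample in the "!define NAME value" style quoted from win/settings.in.
SAMPLE_SETTINGS = """\
# Code Signing.
!define SIGNTOOL "../signtool"
!define PRODUCT_SIGN_CN "openvpn"
"""

DEFINE_RE = re.compile(r'^!define\s+(\w+)\s*(.*)$')


class SigningError(Exception):
    """Raised when a signed build was expected but cannot be produced."""


def parse_settings(text):
    """Return {name: value} for active '!define' lines; '#' lines are ignored."""
    settings = {}
    for line in text.splitlines():
        match = DEFINE_RE.match(line.strip())
        if match:
            settings[match.group(1)] = match.group(2).strip().strip('"')
    return settings


def resolve_signer(settings, argv, load_signer):
    """Return the signing callable, or None only for an explicit unsigned build.

    load_signer is a hypothetical hook standing in for
    'from sign import main as sign'; it raises ImportError if the module is absent.
    """
    if '--unsigned' in argv:          # hypothetical switch name
        return None
    if 'SIGNTOOL' not in settings:
        raise SigningError('SIGNTOOL is not defined; pass --unsigned to build without signing')
    try:
        return load_signer()          # only the import is guarded
    except ImportError as exc:
        raise SigningError('sign module not available: %s' % exc)


def run_build(settings_text, argv, load_signer):
    """Return the ordered build steps, or raise before building anything."""
    settings = parse_settings(settings_text)
    signer = resolve_signer(settings, argv, load_signer)  # decided up front
    steps = ['config_all', 'build_openvpn', 'build_ddk tap', 'build_ddk tapinstall']
    if signer is None:
        steps.append('unsigned (explicitly requested)')
    else:
        signer(settings, 'all')       # errors raised while signing propagate
        steps.append('sign')
    steps.append('make_dist')
    return steps


if __name__ == '__main__':
    def missing_sign_module():
        raise ImportError('No module named sign')
    print(run_build(SAMPLE_SETTINGS, ['--unsigned'], missing_sign_module))
    try:
        run_build(SAMPLE_SETTINGS, [], missing_sign_module)
    except SigningError as err:
        print('build stopped:', err)
```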



Re: [Openvpn-devel] [PATCH] Removed hardcoded signtool dependency from win/build_all.py

2010-11-12 Thread David Sommerseth

On 12/11/10 18:11, Samuli Seppänen wrote:
> 
>> On 12/11/10 17:55, Peter Stuge wrote:
>>> David Sommerseth wrote:
>>>>>> Modified win/build_all.py so that build does not fail even if
>>>>>> the optional signtool python class is not available.
>>>>> What is it needed for? Is it really *always* optional?
>>>> If I've understood it correctly, this is related to signing the Windows
>>>> TUN/TAP driver.
>>> Right.
>>
>>
>>>> So if you don't have a signing key/tool available, it is still
>>>> possible to build the rest of OpenVPN.
>>> Fine, but this is not really acceptable when James builds OpenVPN,
>>> so I am requesting a solution that allows them to specify to the
>>> build process that they want a fatal error if signing is not
>>> possible.
>>
>> That's a good point!  I didn't think about this one.
>>
>> What about that the build script stops up and asks if it should continue
>> without signing?  And in addition having a command line argument
>> accepting building without signing?  This latter one is more useful for
>> automated community builds of the allmerged branch from
>> openvpn-testing.git.
>>
>>
>> kind regards,
>>
>> David Sommerseth
> What if build_all.py did this:
> 
> - Check if SIGNTOOL is enabled in settings.in:
>   - Yes: fail if can't import "sign" module
>   - No: don't fail if can't import "sign" module
> 
> I think existence of the SIGNTOOL variable gives a good clue of user's
> intentions. Note that the build will also fail if SIGNTOOL is defined
> and signtool.exe is not copied to the correct place
> (../signtool/signtool.exe).
> 

That's fine ... but what Peter raises as a concern, which I do agree to,
is that if James' build system is changed and the driver is not signed,
earlier this would cause to a halt in the building process.  With your
patch, OpenVPN + the driver will be built and not signed.

So it's just to catch that "yes, we want to do a build without signing
the driver" and to really sign-off that explicitly when doing the build.
 As James' should never do a release build without signing the driver.


kind regards,

David Sommerseth



Re: [Openvpn-devel] [PATCH] Removed hardcoded signtool dependency from win/build_all.py

2010-11-12 Thread Peter Stuge
Samuli Seppänen wrote:
> What if build_all.py did this:
> 
> - Check if SIGNTOOL is enabled in settings.in:
>   - Yes: fail if can't import "sign" module
>   - No: don't fail if can't import "sign" module

This also sounds good. (Who typically creates settings.in? Is one in git?)


//Peter



Re: [Openvpn-devel] [PATCH] Removed hardcoded signtool dependency from win/build_all.py

2010-11-12 Thread David Sommerseth

On 12/11/10 17:55, Peter Stuge wrote:
> David Sommerseth wrote:
>>>> Modified win/build_all.py so that build does not fail even if
>>>> the optional signtool python class is not available.
>>>
>>> What is it needed for? Is it really *always* optional?
>>
>> If I've understood it correctly, this is related to signing the Windows
>> TUN/TAP driver.
> 
> Right.
> 
> 
>> So if you don't have a signing key/tool available, it is still
>> possible to build the rest of OpenVPN.
> 
> Fine, but this is not really acceptable when James builds OpenVPN,
> so I am requesting a solution that allows them to specify to the
> build process that they want a fatal error if signing is not
> possible.

That's a good point!  I didn't think about this one.

What about that the build script stops up and asks if it should continue
without signing?  And in addition having a command line argument
accepting building without signing?  This latter one is more useful for
automated community builds of the allmerged branch from openvpn-testing.git.


kind regards,

David Sommerseth



Re: [Openvpn-devel] [PATCH] Removed hardcoded signtool dependency from win/build_all.py

2010-11-12 Thread Peter Stuge
David Sommerseth wrote:
> >> Modified win/build_all.py so that build does not fail even if
> >> the optional signtool python class is not available.
> > 
> > What is it needed for? Is it really *always* optional?
> 
> If I've understood it correctly, this is related to signing the Windows
> TUN/TAP driver.

Right.


> So if you don't have a signing key/tool available, it is still
> possible to build the rest of OpenVPN.

Fine, but this is not really acceptable when James builds OpenVPN,
so I am requesting a solution that allows them to specify to the
build process that they want a fatal error if signing is not
possible.


//Peter



Re: [Openvpn-devel] [PATCH] Removed hardcoded signtool dependency from win/build_all.py

2010-11-12 Thread Samuli Seppänen

> Samuli Seppänen wrote:
>   
>> From 57b983dc2a1f4a31d3b7c0e2f6de7f778d234b2e Mon Sep 17 00:00:00 2001
>> From: =?utf-8?q?Samuli=20Sepp=C3=A4nen?= 
>> Date: Fri, 12 Nov 2010 17:32:19 +0200
>> Subject: [PATCH] Removed hardcoded signtool dependency from win/build_all.py
>>
>> Modified win/build_all.py so that build does not fail even if the optional
>> signtool python class is not available.
>> 
>
> What is it needed for? Is it really *always* optional? Maybe some
> setting or parameter to the script so that build can fail e.g. at
> openvpn.net if building, where signing should always be done?
>
>
> //Peter
>   
As far as I know driver signing is supposed to be optional. From
"win/settings.in":

# Code Signing.
# If undefined, don't sign any files.
!define SIGNTOOL "../signtool"
!define PRODUCT_SIGN_CN "openvpn"

This "settings.in" contains many other variables used by the
Python-based build system. Looking at the comments one would think that
simply disabling the SIGNTOOL variable would allow non-signed
builds. This is not the case, hence the patch. I'm as open as it gets to
suggestions how to make the patch better, though :).


-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock




Re: [Openvpn-devel] [PATCH] Removed hardcoded signtool dependency from win/build_all.py

2010-11-12 Thread David Sommerseth

On 12/11/10 17:36, Peter Stuge wrote:
> Samuli Seppänen wrote:
>> From 57b983dc2a1f4a31d3b7c0e2f6de7f778d234b2e Mon Sep 17 00:00:00 2001
>> From: =?utf-8?q?Samuli=20Sepp=C3=A4nen?= 
>> Date: Fri, 12 Nov 2010 17:32:19 +0200
>> Subject: [PATCH] Removed hardcoded signtool dependency from win/build_all.py
>>
>> Modified win/build_all.py so that build does not fail even if the optional
>> signtool python class is not available.
> 
> What is it needed for? Is it really *always* optional? Maybe some
> setting or parameter to the script so that build can fail e.g. at
> openvpn.net if building, where signing should always be done?

If I've understood it correctly, this is related to signing the Windows
TUN/TAP driver.  So if you don't have a signing key/tool available, it
is still possible to build the rest of OpenVPN.  You might even manage
to install the unsigned TUN/TAP driver with some tweaking.


kind regards,

David Sommerseth



Re: [Openvpn-devel] [PATCH] Removed hardcoded signtool dependency from win/build_all.py

2010-11-12 Thread Peter Stuge
Samuli Seppänen wrote:
> From 57b983dc2a1f4a31d3b7c0e2f6de7f778d234b2e Mon Sep 17 00:00:00 2001
> From: =?utf-8?q?Samuli=20Sepp=C3=A4nen?= 
> Date: Fri, 12 Nov 2010 17:32:19 +0200
> Subject: [PATCH] Removed hardcoded signtool dependency from win/build_all.py
> 
> Modified win/build_all.py so that build does not fail even if the optional
> signtool python class is not available.

What is it needed for? Is it really *always* optional? Maybe some
setting or parameter to the script so that build can fail e.g. at
openvpn.net if building, where signing should always be done?


//Peter



Re: [Openvpn-devel] [PATCH] Removed hardcoded sign module dependency from win/build_all.py

2010-11-12 Thread Samuli Seppänen
Second version of the patch. As suggested by dazo I added printing of an
informational message if the sign module is not found. Also fixed a few
typos (signtool -> sign).

From a6321a47b0d4341700ad226a8b6c9abcba2052a9 Mon Sep 17 00:00:00 2001
From: =?utf-8?q?Samuli=20Sepp=C3=A4nen?= 
Date: Fri, 12 Nov 2010 18:31:23 +0200
Subject: [PATCH] Removed hardcoded sign module dependency from win/build_all.py

Modified win/build_all.py so that build does not fail even if the optional sign
python module is not available.
---
 win/build_all.py |   10 --
 1 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/win/build_all.py b/win/build_all.py
index 92d2bf4..709e060 100644
--- a/win/build_all.py
+++ b/win/build_all.py
@@ -1,7 +1,6 @@
 from config_all import main as config_all
 from build import main as build_openvpn
 from build_ddk import main as build_ddk
-from sign import main as sign
 from make_dist import main as make_dist
 
 def main(config):
@@ -9,7 +8,14 @@ def main(config):
 build_openvpn()
 build_ddk(config, 'tap', 'all')
 build_ddk(config, 'tapinstall', 'all')
-sign(config, 'all')
+
+# Sign the drivers only if "sign" module is available
+try:
+   from sign import main as sign
+   sign(config, 'all')
+except (ImportError):
+   print "Sign module not found: drivers won't get signed."
+
 make_dist(config)
 
 # if we are run directly, and not loaded as a module
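Review bot: The `try` block in main() wraps both the import and the `sign(config, 'all')` call, so an ImportError raised from inside the sign module while it runs is reported as "Sign module not found" and the build carries on to `make_dist(config)` with unsigned drivers. Keep only `from sign import main as sign` inside the `try`, call `sign(config, 'all')` outside it, and make continuing without a signature depend on an explicit opt-in rather than on the import failing, so that a release build stops instead of printing one line and succeeding. The parentheses in `except (ImportError):` are redundant.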
-- 
1.6.3.3



Re: [Openvpn-devel] [PATCH] Added check for variable CONFIGURE_DEFINES into options.c

2010-11-12 Thread Peter Stuge
Samuli Seppänen wrote:
> From 327d6c66fff6962a96f86110dc91b1dad07ca224 Mon Sep 17 00:00:00 2001
> From: =?utf-8?q?Samuli=20Sepp=C3=A4nen?= 
> Date: Fri, 12 Nov 2010 17:30:07 +0200
> Subject: [PATCH] Added check for variable CONFIGURE_DEFINES into options.c
> 
> The file containing CONFIGURE_DEFINES variable, configure.h, is not present if
> openvpn is built using the Python + Visual C -based buildsystem. This causes the
> build to fail. This patch adds a check to see if variable exists before trying
> to use it.

Acked-by: Peter Stuge 



[Openvpn-devel] [PATCH] Removed hardcoded signtool dependency from win/build_all.py

2010-11-12 Thread Samuli Seppänen

From 57b983dc2a1f4a31d3b7c0e2f6de7f778d234b2e Mon Sep 17 00:00:00 2001
From: =?utf-8?q?Samuli=20Sepp=C3=A4nen?= 
Date: Fri, 12 Nov 2010 17:32:19 +0200
Subject: [PATCH] Removed hardcoded signtool dependency from win/build_all.py

Modified win/build_all.py so that build does not fail even if the optional
signtool python class is not available.
---
 win/build_all.py |   10 --
 1 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/win/build_all.py b/win/build_all.py
index 92d2bf4..38c1645 100644
--- a/win/build_all.py
+++ b/win/build_all.py
@@ -1,7 +1,6 @@
 from config_all import main as config_all
 from build import main as build_openvpn
 from build_ddk import main as build_ddk
-from sign import main as sign
 from make_dist import main as make_dist
 
 def main(config):
@@ -9,7 +8,14 @@ def main(config):
 build_openvpn()
 build_ddk(config, 'tap', 'all')
 build_ddk(config, 'tapinstall', 'all')
-sign(config, 'all')
+
+# Sign the drivers only if "sign" module is available
+try:
+   from sign import main as sign
+   sign(config, 'all')
+except (ImportError):
+   pass
+
 make_dist(config)
 
 # if we are run directly, and not loaded as a module
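Review bot: `except (ImportError): pass` at the end of the new block in main() makes a missing sign module completely silent, so nothing in the build output shows that `make_dist(config)` is packaging unsigned drivers. At minimum print a message in the handler; better, treat the missing module as fatal unless the person running the build has explicitly asked for an unsigned build, and move the `sign(config, 'all')` call out of the `try` so that errors from signing itself are never caught here.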
-- 
1.6.3.3



[Openvpn-devel] [PATCH] Added check for variable CONFIGURE_DEFINES into options.c

2010-11-12 Thread Samuli Seppänen

From 327d6c66fff6962a96f86110dc91b1dad07ca224 Mon Sep 17 00:00:00 2001
From: =?utf-8?q?Samuli=20Sepp=C3=A4nen?= 
Date: Fri, 12 Nov 2010 17:30:07 +0200
Subject: [PATCH] Added check for variable CONFIGURE_DEFINES into options.c

The file containing CONFIGURE_DEFINES variable, configure.h, is not present if
openvpn is built using the Python + Visual C -based buildsystem. This causes the
build to fail. This patch adds a check to see if variable exists before trying
to use it.
---
 options.c |2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/options.c b/options.c
index 717c5d7..29243f6 100644
--- a/options.c
+++ b/options.c
@@ -2929,8 +2929,10 @@ usage_version (void)
 #ifdef CONFIGURE_CALL
   msg (M_INFO|M_NOPREFIX, "\n%s\n", CONFIGURE_CALL);
 #endif
+#ifdef CONFIGURE_DEFINES
   msg (M_INFO|M_NOPREFIX, "Compile time defines: %s", CONFIGURE_DEFINES);
 #endif
+#endif
   openvpn_exit (OPENVPN_EXIT_STATUS_USAGE); /* exit point */
 }
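Review bot: The added `#endif` after the `CONFIGURE_DEFINES` message does not pair with the added `#ifdef CONFIGURE_DEFINES` the way the layout suggests. The existing `#endif` directly below the `msg` call now closes the new `#ifdef`, and the new `#endif` closes a conditional that was opened above the visible context. The result is balanced but easy to misread, so annotate the closers, for example `#endif /* CONFIGURE_DEFINES */`, and name the outer conditional on the last one. The commit message could also state that the "Compile time defines" line is simply omitted from the version output when the macro is not defined.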

-- 
1.6.3.3



Re: [Openvpn-devel] Architecture diagram & Theory of Operation documents

2010-11-12 Thread Samuli Seppänen

> Jan Just Keijser wrote:
>   
>> PS I am not directly involved in the development of openvpn :)
>> 
>
> Actually I think you are! Because you have at the very least
> contributed information about bugs that you have encountered,
> which might not have been discovered otherwise.
>
> Writing code is not the only way to participate in development.
>
> Testing and bug reports are also very much critical if you ask me.
>   
So true. Thanks to JJK + every single non-developer who's nevertheless
involved directly in openvpn development :). Keep up the good work guys!

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock




Re: [Openvpn-devel] Architecture diagram & Theory of Operation documents

2010-11-12 Thread Gert Doering
Hi,

On Fri, Nov 12, 2010 at 10:18:26AM +0100, Jan Just Keijser wrote:
> PS I am not directly involved in the development of openvpn :)

Please do get involved more :-) - you seem to have a knack for finding
sore spots, we need that.

gert
-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025  g...@net.informatik.tu-muenchen.de

