[Openvpn-devel] [PATCH] Remove support for snappy compression.

2015-10-10 Thread Gert Doering
LZ4 is using less CPU at similar performance, and it is easier to
build and support for binary installs (as it does not require C++
and a C++ runtime).  Since it was never supported in any formally
released OpenVPN version, just drop it again.

This leaves in the compression opcode for Snappy for documentation
purposes.

trac #617

Signed-off-by: Gert Doering 
---
 configure.ac|  48 
 doc/openvpn.8   |   6 +-
 src/openvpn/Makefile.am |   3 -
 src/openvpn/comp.c  |  11 ---
 src/openvpn/comp.h  |  11 +--
 src/openvpn/init.c  |   6 +-
 src/openvpn/options.c   |  10 ---
 src/openvpn/snappy.c| 189 
 src/openvpn/snappy.h|  39 --
 src/openvpn/syshead.h   |   2 +-
 10 files changed, 9 insertions(+), 316 deletions(-)
 delete mode 100644 src/openvpn/snappy.c
 delete mode 100644 src/openvpn/snappy.h

diff --git a/configure.ac b/configure.ac
index 2e651d8..77b4915 100644
--- a/configure.ac
+++ b/configure.ac
@@ -66,12 +66,6 @@ AC_ARG_ENABLE(
[enable_lzo="yes"]
 )

-AC_ARG_ENABLE(snappy,
-   [  --disable-snappyDisable Snappy compression support],
-   [enable_snappy="$enableval"],
-   [enable_snappy="yes"]
-)
-
 AC_ARG_ENABLE(lz4,
[  --disable-lz4   Disable LZ4 compression support],
[enable_lz4="$enableval"],
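
Review bot: With the `AC_ARG_ENABLE(snappy, ...)` block removed here, `--disable-snappy` becomes an unknown option, and configure only warns about unrecognised --enable/--disable switches, so build recipes that still pass it keep running without anyone noticing it no longer does anything. A line in the change notes saying the switch is gone and that LZ4 is the replacement would save packagers a search.
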
@@ -952,45 +946,6 @@ if test "${have_lzo}" = "yes"; then
 fi

 dnl
-dnl check for Snappy library
-dnl
-
-AC_ARG_VAR([SNAPPY_CFLAGS], [C compiler flags for snappy])
-AC_ARG_VAR([SNAPPY_LIBS], [linker flags for snappy])
-if test "$enable_snappy" = "yes" && test "$enable_comp_stub" = "no"; then
-AC_CHECKING([for Snappy Library and Header files])
-havesnappylib=1
-
-# if SNAPPY_LIBS is set, we assume it will work, otherwise test
-if test -z "${SNAPPY_LIBS}"; then
-   AC_CHECK_LIB(snappy, snappy_compress,
-   [ SNAPPY_LIBS="-lsnappy" ],
-   [
-   AC_MSG_RESULT([Snappy library not found.])
-   havesnappylib=0
-   ])
-fi
-
-saved_CFLAGS="${CFLAGS}"
-CFLAGS="${CFLAGS} ${SNAPPY_CFLAGS}"
-AC_CHECK_HEADERS(snappy-c.h,
-   ,
-   [
-  AC_MSG_RESULT([Snappy headers not found.])
-  havesnappylib=0
-   ])
-
-if test $havesnappylib = 0 ; then
-   AC_MSG_RESULT([Snappy library available from 
http://code.google.com/p/snappy/])
-AC_MSG_ERROR([Or try ./configure --disable-snappy OR ./configure 
--enable-comp-stub])
-fi
-OPTIONAL_SNAPPY_CFLAGS="${SNAPPY_CFLAGS}"
-OPTIONAL_SNAPPY_LIBS="${SNAPPY_LIBS}"
-AC_DEFINE(ENABLE_SNAPPY, 1, [Enable Snappy compression library])
-CFLAGS="${saved_CFLAGS}"
-fi
-
-dnl
 dnl check for LZ4 library
 dnl

@@ -1154,7 +1109,6 @@ if test "${enable_lzo}" = "yes"; then
 fi
 if test "${enable_comp_stub}" = "yes"; then
test "${enable_lzo}" = "yes" && AC_MSG_ERROR([Cannot have both comp 
stub and lzo enabled (use --disable-lzo)])
-   test "${enable_snappy}" = "yes" && AC_MSG_ERROR([Cannot have both comp 
stub and snappy enabled (use --disable-snappy)])
test "${enable_lz4}" = "yes" && AC_MSG_ERROR([Cannot have both comp 
stub and LZ4 enabled (use --disable-lz4)])
AC_DEFINE([ENABLE_COMP_STUB], [1], [Enable compression stub capability])
 fi
@@ -1220,8 +1174,6 @@ AC_SUBST([OPTIONAL_CRYPTO_CFLAGS])
 AC_SUBST([OPTIONAL_CRYPTO_LIBS])
 AC_SUBST([OPTIONAL_LZO_CFLAGS])
 AC_SUBST([OPTIONAL_LZO_LIBS])
-AC_SUBST([OPTIONAL_SNAPPY_CFLAGS])
-AC_SUBST([OPTIONAL_SNAPPY_LIBS])
 AC_SUBST([OPTIONAL_LZ4_CFLAGS])
 AC_SUBST([OPTIONAL_LZ4_LIBS])
 AC_SUBST([OPTIONAL_SYSTEMD_LIBS])
diff --git a/doc/openvpn.8 b/doc/openvpn.8
index 829b09c..3a86409 100644
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -2495,9 +2495,9 @@ Enable a compression algorithm.

 The
 .B algorithm
-parameter may be "snappy", "lzo", "lz4", or empty.  Snappy, LZO and LZ4
-are different compression algorithms, with Snappy generally
-offering the best performance while LZ4 is faster with less CPU usage.
+parameter may be "lzo", "lz4", or empty.  LZO and LZ4
+are different compression algorithms, with LZ4 generally
+offering the best performance with least CPU usage.
 For backwards compatibility with OpenVPN versions before 2.4, use "lzo"
 (which is identical to the older option "\-\-comp\-lzo yes").

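Review bot: In the replacement text, "offering the best performance with least CPU usage" is missing an article; "with the least CPU usage" reads correctly and matches the sentence it replaces in tone.
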
diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am
index d089f50..c840f16 100644
--- a/src/openvpn/Makefile.am
+++ b/src/openvpn/Makefile.am
@@ -26,7 +26,6 @@ AM_CFLAGS = \
$(TAP_CFLAGS) \
$(OPTIONAL_CRYPTO_CFLAGS) \
$(OPTIONAL_LZO_CFLAGS) \
-   $(OPTIONAL_SNAPPY_CFLAGS) \
$(OPTIONAL_LZ4_CFLAGS) \
$(OPTIONAL_PKCS11_HELPER_CFLAGS)
 if WIN32
@@ -102,7 +101,6 @@ openvpn_SOURCES = \
session_id.c session_id.h \
shaper.c shaper.h \
sig.c sig.h \
-   snappy.c snappy.h \
socket.c socket.h \
socks.c socks.h \
ssl.c ssl.h  

Re: [Openvpn-devel] [PATCH] Fix trac ticket #569

2015-10-10 Thread Arne Schwabe
On 10.10.15 at 18:12, janj...@nikhef.nl wrote:
> From: janjust 
> 
> Fix trac ticket #569 "White space before end tags can break the config parser"
>https://community.openvpn.net/openvpn/ticket/569
> 

ACK from me.

Arne




[Openvpn-devel] [PATCH] Fix trac ticket #569

2015-10-10 Thread janjust
From: janjust 

Fix trac ticket #569 "White space before end tags can break the config parser"
   https://community.openvpn.net/openvpn/ticket/569

---
 src/openvpn/options.c |5 -
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 7906f46..11e327c 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -3694,13 +3694,16 @@ static char *
 read_inline_file (struct in_src *is, const char *close_tag, struct gc_arena 
*gc)
 {
   char line[OPTION_LINE_SIZE];
+  char *line_ptr = line;
   struct buffer buf = alloc_buf (8*OPTION_LINE_SIZE);
   char *ret;
   bool endtagfound = false;

   while (in_src_get (is, line, sizeof (line)))
 {
-  if (!strncmp (line, close_tag, strlen (close_tag)))
+  /* Remove leading spaces */
+  while (isspace(*line_ptr)) line_ptr++;
+  if (!strncmp (line_ptr, close_tag, strlen (close_tag)))
{
  endtagfound = true;
  break;
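
Review bot: `line_ptr` is set to `line` once, before the `while` loop, and is only ever incremented inside it, so after the first line that has leading whitespace it no longer points at the start of the buffer and the next `strncmp` starts from a stale offset into a different line. Reset it at the top of every iteration (`char *line_ptr = line;` inside the loop body). `isspace(*line_ptr)` should also cast its argument to `unsigned char`, since passing a negative `char` value is undefined.
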
-- 
1.7.1




[Openvpn-devel] [PATCH v3] Send push reply right after async auth complete

2015-10-10 Thread Lev Stipakov
v3:
* better comments
* better variable naming
* include sys/inotify.h if HAVE_SYS_INOTIFY_H is defined

v2:
More careful inotify_watchers handling
* Ensure that same multi_instance is added only once
* Ensure that multi_instance is always removed

v1:
This feature speeds up connection establishment in cases when async
authentication result is not ready when first push request arrives. At
the moment server sends push reply only when it receives next push
request, which comes 5 seconds later.

Implementation overview.

Add new configure option ENABLE_ASYNC_PUSH, which can be enabled if
system supports inotify.

Add inotify descriptor to an event loop. Add inotify watch for an
authentication control file. Store mapping between watch descriptor and
multi_instance in a dictionary. When file is closed, inotify fires an
event and we continue with connection establishment - call client-
connect etc and send push reply.

Inotify watch descriptor got automatically deleted after file is closed
or when file is removed. We catch that event and remove it from the
dictionary.

Feature is easily tested with sample "defer" plugin and following settings:

auth-user-pass-optional
setenv test_deferred_auth 3
plugin simple.so

Signed-off-by: Lev Stipakov 

Add doxygen comment
---
 configure.ac  |  15 +
 src/openvpn/forward.c |   8 +++
 src/openvpn/mtcp.c|  28 +
 src/openvpn/mudp.c|  27 +
 src/openvpn/multi.c   | 155 +-
 src/openvpn/multi.h   |  21 +++
 src/openvpn/openvpn.h |  10 
 src/openvpn/push.c|  69 +-
 src/openvpn/push.h|   2 +
 9 files changed, 304 insertions(+), 31 deletions(-)

diff --git a/configure.ac b/configure.ac
index 2e651d8..32620c6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -277,6 +277,13 @@ AC_ARG_ENABLE(
[enable_systemd="no"]
 )

+AC_ARG_ENABLE(
+   [async-push],
+   [AS_HELP_STRING([--enable-async-push], [enable async-push support 
@<:@default=no@:>@])],
+   [enable_async_push="yes"],
+   [enable_async_push="no"]
+)
+
 AC_ARG_WITH(
[special-build],
[AS_HELP_STRING([--with-special-build=STRING], [specify special build 
string])],
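
Review bot: The action-if-given argument is `[enable_async_push="yes"]`, so `--disable-async-push` and `--enable-async-push=no` both switch the feature on. Use `[enable_async_push="$enableval"]` so the user's choice is honoured.
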
@@ -1201,6 +1208,14 @@ if test "${enable_plugin_auth_pam}" = "yes"; then
fi
 fi

+if test "${enable_async_push}" = "yes"; then
+   AC_CHECK_HEADERS(
+   [sys/inotify.h],
+   AC_DEFINE([ENABLE_ASYNC_PUSH], [1], [Enable async push]),
+   AC_MSG_ERROR([inotify.h not found.])
+   )
+fi
+
 CONFIGURE_DEFINES="`set | grep '^enable_.*=' ; set | grep '^with_.*='`"
 AC_DEFINE_UNQUOTED([CONFIGURE_DEFINES], ["`echo ${CONFIGURE_DEFINES}`"], 
[Configuration settings])

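Review bot: `AC_MSG_ERROR([inotify.h not found.])` does not tell the user which option asked for the header; name it as `sys/inotify.h` and mention `--enable-async-push` in the message. The two action arguments of `AC_CHECK_HEADERS` should also be wrapped in `[...]` like the header name is.
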
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index 7a5d383..f89c5bc 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -1371,6 +1371,9 @@ io_wait_dowork (struct context *c, const unsigned int 
flags)
 #ifdef ENABLE_MANAGEMENT
   static int management_shift = 6; /* depends on MANAGEMENT_READ and 
MANAGEMENT_WRITE */
 #endif
+#ifdef ENABLE_ASYNC_PUSH
+  static int file_shift = 8;   /* listening inotify events */
+#endif

   /*
* Decide what kind of events we want to wait for.
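
Review bot: The comment added to `static int file_shift = 8;` says what the slot is used for but not why the value is 8. `management_shift = 6` just above documents what it depends on; this value has the same kind of dependency (it has to stay clear of the bits the management shift occupies), so the comment should say that.
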
@@ -1465,6 +1468,11 @@ io_wait_dowork (struct context *c, const unsigned int 
flags)
 management_socket_set (management, c->c2.event_set, 
(void*)_shift, NULL);
 #endif

+#ifdef ENABLE_ASYNC_PUSH
+  /* arm inotify watcher */
+  event_ctl (c->c2.event_set, c->c2.inotify_fd, EVENT_READ, 
(void*)_shift);
+#endif
+
   /*
* Possible scenarios:
*  (1) tcp/udp port has data available to read
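
Review bot: The `event_ctl` call on `c->c2.inotify_fd` is guarded only by `#ifdef ENABLE_ASYNC_PUSH`, so in an async-push build it runs for every context that reaches this point, and nothing in the hunk shows that the descriptor is open in that case. Either skip the call when the descriptor is not valid (initialise it to -1 and test for that) or add a comment saying where it is guaranteed to be set up.
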
diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c
index dc15f09..b27c5eb 100644
--- a/src/openvpn/mtcp.c
+++ b/src/openvpn/mtcp.c
@@ -62,6 +62,10 @@
 # define MTCP_MANAGEMENT ((void*)4)
 #endif

+#ifdef ENABLE_ASYNC_PUSH
+#define MTCP_FILE_CLOSE_WRITE ((void*)5)
+#endif
+
 #define MTCP_N   ((void*)16) /* upper bound on MTCP_x */

 struct ta_iow_flags
@@ -245,6 +249,12 @@ multi_tcp_wait (const struct context *c,
   if (management)
 management_socket_set (management, mtcp->es, MTCP_MANAGEMENT, 
>management_persist_flags);
 #endif
+
+#ifdef ENABLE_ASYNC_PUSH
+  /* arm inotify watcher */
+  event_ctl (mtcp->es, c->c2.inotify_fd, EVENT_READ, MTCP_FILE_CLOSE_WRITE);
+#endif
+
   status = event_wait (mtcp->es, >c2.timeval, mtcp->esr, mtcp->maxevents);
   update_time ();
   mtcp->n_esr = 0;
@@ -636,6 +646,12 @@ multi_tcp_process_io (struct multi_context *m)
{
  get_signal (>top.sig->signal_received);
}
+#ifdef ENABLE_ASYNC_PUSH
+ else if (e->arg == MTCP_FILE_CLOSE_WRITE)
+   {
+ multi_process_file_closed (m, MPP_PRE_SELECT | MPP_RECORD_TOUCH);
+   }
+#endif
}
   if (IS_SIG (>top))
break;
@@ -684,6 +700,14 @@ tunnel_server_tcp (struct context *top)
   /* finished with initialization */
   

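The watch-and-dispatch flow from the implementation overview above, as an added example that is not OpenVPN code: it walks the bytes read from an inotify descriptor with the error and length checks such a loop needs, and maps watch descriptors back to clients. The table layout, the function names, and the choice of IN_CLOSE_WRITE as the trigger and IN_IGNORED as the cleanup event are assumptions made for illustration; the sample events are constructed in memory, so nothing here touches the kernel.

```c
/* Added example, not OpenVPN code. Table layout and function names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/inotify.h> /* struct inotify_event, IN_CLOSE_WRITE, IN_IGNORED (Linux) */
#include <sys/types.h>   /* ssize_t */

#define MAX_WATCHERS 8

struct watcher { int wd; int client_id; int in_use; };
struct watch_table { struct watcher slot[MAX_WATCHERS]; };

static struct watcher *watch_find(struct watch_table *t, int wd)
{
    for (int i = 0; i < MAX_WATCHERS; i++)
        if (t->slot[i].in_use && t->slot[i].wd == wd)
            return &t->slot[i];
    return NULL;
}

/* Map a watch descriptor to a client. Returns 0, or -1 when the descriptor or
 * the client is already registered or the table is full. */
int watch_add(struct watch_table *t, int wd, int client_id)
{
    struct watcher *free_slot = NULL;
    for (int i = 0; i < MAX_WATCHERS; i++) {
        struct watcher *w = &t->slot[i];
        if (w->in_use && (w->wd == wd || w->client_id == client_id))
            return -1;
        if (!w->in_use && free_slot == NULL)
            free_slot = w;
    }
    if (free_slot == NULL)
        return -1;
    free_slot->wd = wd;
    free_slot->client_id = client_id;
    free_slot->in_use = 1;
    return 0;
}

/* Walk the bytes returned by read() on the inotify descriptor; nread is
 * read()'s return value, passed through unchanged. Ids of clients whose
 * control file was closed after writing are stored in resumed[] (events
 * beyond max_resumed are dropped). Returns the number stored, or -1 on a
 * read error, end of file, or a buffer that does not hold whole events. */
int process_inotify_buffer(struct watch_table *t, const char *buf, ssize_t nread,
                           int *resumed, int max_resumed)
{
    size_t off = 0, len;
    int n = 0;

    if (nread <= 0)                          /* never compare -1 with a size_t */
        return -1;
    len = (size_t) nread;
    while (off < len) {
        struct inotify_event ev;
        if (len - off < sizeof ev)           /* the fixed header must fit */
            return -1;
        memcpy(&ev, buf + off, sizeof ev);   /* copy out: no unaligned access */
        if (ev.len > len - off - sizeof ev)  /* the optional name must fit too */
            return -1;
        off += sizeof ev + ev.len;

        struct watcher *w = watch_find(t, ev.wd);
        if (w == NULL)
            continue;                        /* stale or unknown descriptor */
        if ((ev.mask & IN_CLOSE_WRITE) && n < max_resumed)
            resumed[n++] = w->client_id;
        if (ev.mask & IN_IGNORED)            /* the kernel removed the watch */
            w->in_use = 0;
    }
    return n;
}

/* Constructed sample input: append one event without a name to buf. */
size_t sample_event(char *buf, size_t off, int wd, uint32_t mask)
{
    struct inotify_event ev;
    memset(&ev, 0, sizeof ev);
    ev.wd = wd;
    ev.mask = mask;
    memcpy(buf + off, &ev, sizeof ev);
    return off + sizeof ev;
}

int main(void)
{
    struct watch_table t;
    char buf[256];
    int resumed[4];
    size_t len = 0;

    memset(&t, 0, sizeof t);
    watch_add(&t, 3, 42);                    /* wd 3 belongs to client 42 */
    len = sample_event(buf, len, 3, IN_CLOSE_WRITE);
    len = sample_event(buf, len, 3, IN_IGNORED);
    int n = process_inotify_buffer(&t, buf, (ssize_t) len, resumed, 4);
    printf("resumed %d client(s), first id %d\n", n, n > 0 ? resumed[0] : -1);
    return 0;
}
```
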
Re: [Openvpn-devel] [PATCH: tap-windows6] Added CONTRIBUTING.rst

2015-10-10 Thread Samuli Seppänen



> Hi,
>
> On Sat, Oct 10, 2015 at 04:36:24PM +0300, sam...@openvpn.net wrote:
>> From: Samuli Seppänen 
>>
>> Signed-off-by: Samuli Seppänen 
>
> Sounds good to me.  I'm not sure if I have formal authority for tap-windows6,
> but anyway "ACK" :-)
>
> gert

Pushed to tap-windows6.

--
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock



Re: [Openvpn-devel] [PATCH: openvpn-build] Added CONTRIBUTING.rst

2015-10-10 Thread Samuli Seppänen



> Hi,
>
> On Sat, Oct 10, 2015 at 04:38:36PM +0300, sam...@openvpn.net wrote:
>> From: Samuli Seppänen 
>>
>> Signed-off-by: Samuli Seppänen 
>> ---
>>  CONTRIBUTING.rst | 25 +
>>  1 file changed, 25 insertions(+)
>>  create mode 100644 CONTRIBUTING.rst
>
> Looks good to me. ACK, if I may :)
>
> gert

Pushed to openvpn-build.

--
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock



[Openvpn-devel] [PATCH applied] Re: Add CONTRIBUTING.rst

2015-10-10 Thread Gert Doering
Your patch has been applied to the master and release/2.3 branch.

commit 0c1d92291e4c1829bf503067e1f9d39328d01ee9 (master)
commit 6c45f8c9c268910da104b25e242c6465bb0bb54a (release/2.3)

Author: Samuli Seppänen
List-Post: openvpn-devel@lists.sourceforge.net
Date:   Sat Oct 10 16:41:14 2015 +0300

 Add CONTRIBUTING.rst

 Signed-off-by: Samuli Seppänen 
 Acked-by: Gert Doering 
 Message-Id: <184474-6471-1-git-send-email-sam...@openvpn.net>
 Signed-off-by: Gert Doering 


--
kind regards,

Gert Doering




Re: [Openvpn-devel] [PATCH: openvpn-build] Added CONTRIBUTING.rst

2015-10-10 Thread Gert Doering
Hi,

On Sat, Oct 10, 2015 at 04:38:36PM +0300, sam...@openvpn.net wrote:
> From: Samuli Seppänen 
> 
> Signed-off-by: Samuli Seppänen 
> ---
>  CONTRIBUTING.rst | 25 +
>  1 file changed, 25 insertions(+)
>  create mode 100644 CONTRIBUTING.rst

Looks good to me. ACK, if I may :)

gert
-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de




Re: [Openvpn-devel] [PATCH: tap-windows6] Added CONTRIBUTING.rst

2015-10-10 Thread Gert Doering
Hi,

On Sat, Oct 10, 2015 at 04:36:24PM +0300, sam...@openvpn.net wrote:
> From: Samuli Seppänen 
> 
> Signed-off-by: Samuli Seppänen 

Sounds good to me.  I'm not sure if I have formal authority for tap-windows6,
but anyway "ACK" :-)

gert
-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de




[Openvpn-devel] [PATCH: openvpn] Add CONTRIBUTING.rst

2015-10-10 Thread samuli
From: Samuli Seppänen 

Signed-off-by: Samuli Seppänen 
---
 CONTRIBUTING.rst | 30 ++
 1 file changed, 30 insertions(+)
 create mode 100644 CONTRIBUTING.rst

diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst
new file mode 100644
index 000..5004620
--- /dev/null
+++ b/CONTRIBUTING.rst
@@ -0,0 +1,30 @@
+CONTRIBUTING TO THE OPENVPN PROJECT
+===
+
+Patches should be written against the Git "master" branch. Some patches may 
get 
+backported to a release branch.
+
+We do not currently accept GitHub pull requests for the core OpenVPN project. 
+Instead, all patches must be sent to "openvpn-devel" mailing list for review:
+
+- https://lists.sourceforge.net/lists/listinfo/openvpn-devel
+
+The subject line should preferably be prefixed with [PATCH]. To avoid merging 
+issues the patches should be generated with git-format-patch or sent using 
+git-send-email. Try to split large patches into small, atomic pieces to make 
+reviews easier.
+
+If you want quick feedback on a patch before sending it to openvpn-devel 
mailing 
+list, you can visit the #openvpn-devel channel on irc.freenode.net. Note that 
+you need to be logged in to Freenode to join the channel:
+
+- http://freenode.net/faq.shtml#nicksetup
+
+More detailed contribution instructions are available here:
+
+- https://community.openvpn.net/openvpn/wiki/DeveloperDocumentation
+
+Note that the process for contributing to other OpenVPN projects such as 
+openvpn-build, openvpn-gui, tap-windows6 and easy-rsa may differ from what was 
+described above. Please refer to the contribution instructions of each
+respective project.
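
Review bot: The rule that "all patches must be sent to "openvpn-devel" mailing list for review" has no exception for fixes to vulnerabilities that are not yet disclosed, and that list is public. Add a sentence pointing to the project's private reporting channel so that someone following this file does not post a security fix in the open. The quoted sentence is also missing an article ("to the "openvpn-devel" mailing list").
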
-- 
2.1.4




[Openvpn-devel] [PATCH: tap-windows6] Added CONTRIBUTING.rst

2015-10-10 Thread samuli
From: Samuli Seppänen 

Signed-off-by: Samuli Seppänen 
---
 CONTRIBUTING.rst | 26 ++
 1 file changed, 26 insertions(+)
 create mode 100644 CONTRIBUTING.rst

diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst
new file mode 100644
index 000..6ee5908
--- /dev/null
+++ b/CONTRIBUTING.rst
@@ -0,0 +1,26 @@
+Contributing to tap-windows6
+
+
+To contribute to tap-windows6 please send your patches to openvpn-devel 
mailing 
+list:
+
+- https://lists.sourceforge.net/lists/listinfo/openvpn-devel
+
+The subject line should look like this:
+
+  [PATCH: tap-windows6] summary of the patch
+
+To avoid merging issues patches should be created with git-format-patch or sent
+using git-send-email. The easiest way to add the subject line prefix is to use
+this option:
+
+  --subject-prefix='PATCH: tap-windows6'
+
+Patches that do not modify the actual driver code can be sent as GitHub pull 
+requests. Try to split large patches into small, atomic pieces to make reviews 
+and merging easier.
+
+If you want quick feedback on a patch, you can visit the #openvpn-devel 
channel 
+on Freenode. Note that you need to be logged in to join the channel:
+
+- http://freenode.net/faq.shtml#nicksetup
-- 
2.1.4




Re: [Openvpn-devel] [PATCH v2] Send push reply right after async auth complete

2015-10-10 Thread David Sommerseth
On 07/10/15 15:32, Lev Stipakov wrote:
> v2:
> More careful inotify_watchers handling
> * Ensure that same multi_instance is added only once
> * Ensure that multi_instance is always removed
> 
> v1:
> This feature speeds up connection establishment in cases when async
> authentication result is not ready when first push request arrives. At
> the moment server sends push reply only when it receives next push
> request, which comes 5 seconds later.
> 
> Implementation overview.
> 
> Add new configure option ENABLE_ASYNC_PUSH, which can be enabled if
> system supports inotify.
> 
> Add inotify descriptor to an event loop. Add inotify watch for an
> authentication control file. Store mapping between watch descriptor and
> multi_instance in a dictionary. When file is closed, inotify fires an
> event and we continue with connection establishment - call client-
> connect etc and send push reply.
> 
> Inotify watch descriptor got automatically deleted after file is closed
> or when file is removed. We catch that event and remove it from the
> dictionary.
> 
> Feature is easily tested with sample "defer" plugin and following settings:
> 
> auth-user-pass-optional
> setenv test_deferred_auth 3
> plugin simple.so
> 
> Signed-off-by: Lev Stipakov 
> ---
>  configure.ac  |  15 +
>  src/openvpn/forward.c |   8 +++
>  src/openvpn/mtcp.c|  28 ++
>  src/openvpn/mudp.c|  27 +
>  src/openvpn/multi.c   | 152 
> +-
>  src/openvpn/multi.h   |  14 +
>  src/openvpn/openvpn.h |  11 
>  src/openvpn/push.c|  69 +--
>  src/openvpn/push.h|   2 +
>  9 files changed, 295 insertions(+), 31 deletions(-)
> 

[...snip...]

> diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
> index 7a5d383..134905c 100644
> --- a/src/openvpn/forward.c
> +++ b/src/openvpn/forward.c
> @@ -1371,6 +1371,9 @@ io_wait_dowork (struct context *c, const unsigned int 
> flags)
>  #ifdef ENABLE_MANAGEMENT
>static int management_shift = 6; /* depends on MANAGEMENT_READ and 
> MANAGEMENT_WRITE */
>  #endif
> +#ifdef ENABLE_ASYNC_PUSH
> +  static int file_shift = 8;
> +#endif

Can we please have a comment on what this 'file_shift' value means?  Just a
single line comment.  Perhaps 'file_change' would be a better name?

[...snip...]

> diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c
> index 57118f8..30ec345 100644
> --- a/src/openvpn/mudp.c
> +++ b/src/openvpn/mudp.c
> @@ -38,6 +38,10 @@
>  
>  #include "memdbg.h"
>  
> +#ifdef ENABLE_ASYNC_PUSH
> +#include 
> +#endif
> +

Maybe HAVE_SYS_INOTIFY_H is better?

[...snip...]

> diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
> index 902c4dc..0da9ca7 100644
> --- a/src/openvpn/multi.c
> +++ b/src/openvpn/multi.c
> @@ -28,6 +28,11 @@
>  #include "config-msvc.h"
>  #endif
>  
> +#ifdef ENABLE_ASYNC_PUSH
> +#include 
> +#define INOTIFY_EVENT_BUFFER_SIZE 16384
> +#endif
> +

Maybe HAVE_SYS_INOTIFY_H is better here too?

>  #include "syshead.h"
>  
>  #if P2MP_SERVER
> @@ -243,6 +248,20 @@ cid_compare_function (const void *key1, const void *key2)
>  
>  #endif
>  
> +#ifdef ENABLE_ASYNC_PUSH
> +static uint32_t
> +int_hash_function (const void *key, uint32_t iv)
> +{
> +  return (unsigned long)key;
> +}
> 
This looks very odd, but I understand it's required by hash_init().  Could you
add a little remark about why this function looks so "useless"?

[...snip...]

> @@ -1877,6 +1932,14 @@ multi_connection_established (struct multi_context *m, 
> struct multi_instance *mi
>  
> /* set context-level authentication flag */
> mi->context.c2.context_auth = CAS_SUCCEEDED;
> +
> +#ifdef ENABLE_ASYNC_PUSH
> +   /* authentication complete, send push reply */
> +   if (mi->context.c2.push_request_received)
> + {
> +   process_incoming_push_request(>context);
> + }
> +#endif
>   }
>else
>   {
> @@ -1906,6 +1969,54 @@ multi_connection_established (struct multi_context *m, 
> struct multi_instance *mi
>mi->context.c2.push_reply_deferred = false;
>  }
>  
> +#ifdef ENABLE_ASYNC_PUSH
> +void
> +multi_process_file_closed (struct multi_context *m, const unsigned int 
> mpp_flags)

It would be great to see a more verbose doxygen comment here, explaining what
this function does, why and who calls it in which situations.

> +{
> +  char buffer[INOTIFY_EVENT_BUFFER_SIZE];
> +  size_t buffer_i = 0;
> +  int r = read (m->top.c2.inotify_fd, buffer, INOTIFY_EVENT_BUFFER_SIZE);
> +
> +  while (buffer_i < r)
> +{
> +  /* parse inotify events */
> +  struct inotify_event *pevent = (struct inotify_event *) 
> [buffer_i];
> +  size_t event_size = sizeof (struct inotify_event) + pevent->len;
> +  buffer_i += event_size;
> +
> +  msg(D_MULTI_DEBUG, "MULTI: modified fd %d, mask %d", pevent->wd, 
> pevent->mask);
> +
> +  struct multi_instance* mi = hash_lookup(m->inotify_watchers, (void*) 
> (unsigned long) 

Re: [Openvpn-devel] ipv6 env vars to client scripts

2015-10-10 Thread Lev Stipakov

Hi Samuel,

I like the idea of patch 
https://community.openvpn.net/openvpn/attachment/ticket/230/patch, I 
think ifconfig_ipv6_pool_remote_ip is indeed useful - we use it in our 
production, too.


Here:

void
+setenv_in6_addr_t (struct env_set *es, const char *name_prefix, struct 
in6_addr *addr, const bool flags)

+{

"flags" should have type "const unsigned int" instead of "const bool".


Could you also rebase it on top of master - at the moment the first part 
of socket.c fails to apply.


-Lev


02.05.2014, 01:50, Samuel Thibault wrote:
> David Sommerseth, on Fri 02 May 2014 01:39:05 +0200, wrote:
>> On 17/04/14 14:07, Lev Stipakov wrote:
>> > Hello,
>> >
>> > Are there any plans to support ipv6 env vars in
>> > client-connect/disconnect scripts?
>> >
>> > There are at least 2 tickets on that feature:
>> >
>> > https://community.openvpn.net/openvpn/ticket/230
>> > https://community.openvpn.net/openvpn/ticket/369
>> >
>> > Is there anything that prevents merging any of suggested patches to
>> > the master branch?
>>
>> I don't think I've seen these patches on the mailing list (I'm going through
>> the list now).
>
> My patches were sent on 2013 May 24th on openvpn-devel.
>
> Samuel








Re: [Openvpn-devel] ipv6 env vars to client scripts

2015-10-10 Thread Lev Stipakov
Hi Samuel,

I like the idea of patch
https://community.openvpn.net/openvpn/attachment/ticket/230/patch, I
think ifconfig_ipv6_pool_remote_ip is indeed useful - we use it in our
production, too.

Here:

void
+setenv_in6_addr_t (struct env_set *es, const char *name_prefix,
struct in6_addr *addr, const bool flags)
+{

"flags" should have type "const unsigned int" instead of "const bool".

Could you also rebase it on top of master - at the moment the first
part of socket.c fails to apply.

-Lev

2014-05-02 1:50 GMT+02:00 Samuel Thibault :
> David Sommerseth, on Fri 02 May 2014 01:39:05 +0200, wrote:
>> On 17/04/14 14:07, Lev Stipakov wrote:
>> > Hello,
>> >
>> > Are there any plans to support ipv6 env vars in
>> > client-connect/disconnect scripts?
>> >
>> > There are at least 2 tickets on that feature:
>> >
>> > https://community.openvpn.net/openvpn/ticket/230
>> > https://community.openvpn.net/openvpn/ticket/369
>> >
>> > Is there anything that prevents merging any of suggested patches to
>> > the master branch?
>>
>> I don't think I've seen these patches on the mailing list (I'm going through
>> the list now).
>
> My patches were sent on 2013 May 24th on openvpn-devel.
>
> Samuel



-- 
-Lev



[Openvpn-devel] [PATCH applied] Re: Fix compilcation error with --disable-crypto

2015-10-10 Thread Gert Doering
Your patch has been applied to the master branch.

(I've taken the liberty to fix the typo in the commit message :) )

commit b05a453be5dd21326e79f42b0a363f2f23eaa29a
Author: Lev Stipakov
List-Post: openvpn-devel@lists.sourceforge.net
Date:   Sat Oct 10 13:14:29 2015 +0300

 Fix compilation error with --disable-crypto

 Acked-by: Arne Schwabe 
 Message-Id: <172069-32036-1-git-send-email-lstipa...@gmail.com>
 URL: http://article.gmane.org/gmane.network.openvpn.devel/10231
 Signed-off-by: Gert Doering 


--
kind regards,

Gert Doering




Re: [Openvpn-devel] [PATCH] Fix compilcation error with --disable-crypto

2015-10-10 Thread Arne Schwabe
On 10.10.15 at 12:14, Lev Stipakov wrote:
> Also disable behavior for static key setup.

ACK from.

Arne




[Openvpn-devel] [PATCH] Fix compilcation error with --disable-crypto

2015-10-10 Thread Lev Stipakov
Also disable behavior for static key setup.
---
 src/openvpn/forward.c | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index 513fbae..c17be35 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -1199,13 +1199,16 @@ process_outgoing_link (struct context *c)
   if (c->c2.buf.len > 0 )
 register_activity (c, size);

+
+#ifdef ENABLE_CRYPTO
   /* for unreachable network and "connecting" state switch to the next 
host */
-  if (size < 0 && ENETUNREACH == error_code && 
!tls_initial_packet_received (c->c2.tls_multi)
- && c->options.mode == MODE_POINT_TO_POINT)
+  if (size < 0 && ENETUNREACH == error_code && c->c2.tls_multi &&
+  !tls_initial_packet_received (c->c2.tls_multi) && c->options.mode == 
MODE_POINT_TO_POINT)
{
  msg (M_INFO, "Network unreachable, restarting");
  register_signal (c, SIGUSR1, "network-unreachable");
}
+#endif
 }
   else
 {
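
Review bot: The new `#ifdef ENABLE_CRYPTO` wraps the whole "network unreachable" restart and the added `c->c2.tls_multi &&` test skips it for static-key setups, but the comment above the `if` still describes the old, unconditional behaviour. Update it to say the restart applies only to TLS sessions that have not yet received an initial packet. The empty line added before `#ifdef ENABLE_CRYPTO` also leaves two blank lines in a row.
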
-- 
1.9.1




[Openvpn-devel] [PATCH applied] Re: Fix --mtu-disc option with IPv6 transport

2015-10-10 Thread Gert Doering
ACK (to v2). Your patch has been applied to the master branch.

commit 2bed089d31a12c2d0277e36a64964ebab6640f75
Author: Julien Muchembled
List-Post: openvpn-devel@lists.sourceforge.net
Date:   Sat Oct 10 11:44:51 2015 +0200

 Fix --mtu-disc option with IPv6 transport

 Signed-off-by: Julien Muchembled 
 Acked-by: Arne Schwabe 
 Acked-by: Gert Doering 
 Message-Id: <170291-2980-1-git-send-email-a...@rfc2549.org>
 URL: http://article.gmane.org/gmane.network.openvpn.devel/10229
 Signed-off-by: Gert Doering 


--
kind regards,

Gert Doering




[Openvpn-devel] [[Patch V2]] Fix --mtu-disc option with IPv6 transport

2015-10-10 Thread Arne Schwabe
From: Julien Muchembled 

Socket configuration of MTU discovery was done unconditionally at IP level,
which has no effect for other protocols. This fixes the issue of OpenVPN
sending fragmented tcp6/udp6 packets even when 'mtu-disc yes' option is passed.

Patch V2 (by Arne Schwabe): Rebase to current master and have separate #ifdefs 
for IPv4 and IPv6

Signed-off-by: Julien Muchembled 
---
 src/openvpn/mtu.c| 29 ++---
 src/openvpn/mtu.h|  2 +-
 src/openvpn/socket.c |  2 +-
 3 files changed, 24 insertions(+), 9 deletions(-)

diff --git a/src/openvpn/mtu.c b/src/openvpn/mtu.c
index 3665a34..24531c9 100644
--- a/src/openvpn/mtu.c
+++ b/src/openvpn/mtu.c
@@ -153,17 +153,32 @@ frame_print (const struct frame *frame,
 #define MTUDISC_NOT_SUPPORTED_MSG "--mtu-disc is not supported on this OS"

 void
-set_mtu_discover_type (int sd, int mtu_type)
+set_mtu_discover_type (int sd, int mtu_type, sa_family_t proto_af)
 {
   if (mtu_type >= 0)
 {
-#if defined(HAVE_SETSOCKOPT) && defined(SOL_IP) && defined(IP_MTU_DISCOVER)
-  if (setsockopt (sd, SOL_IP, IP_MTU_DISCOVER, (void *) _type, sizeof 
(mtu_type)))
-   msg (M_ERR, "Error setting IP_MTU_DISCOVER type=%d on TCP/UDP socket",
-mtu_type);
-#else
-  msg (M_FATAL, MTUDISC_NOT_SUPPORTED_MSG);
+  switch (proto_af)
+   {
+#if defined(HAVE_SETSOCKOPT) && defined(IP_MTU_DISCOVER)
+   case AF_INET:
+ if (setsockopt
+ (sd, IPPROTO_IP, IP_MTU_DISCOVER, _type, sizeof (mtu_type)))
+   msg (M_ERR, "Error setting IP_MTU_DISCOVER type=%d on TCP/UDP 
socket",
+mtu_type);
+ break;
+#endif
+#if defined(HAVE_SETSOCKOPT) && defined(IPV6_MTU_DISCOVER)
+   case AF_INET6:
+ if (setsockopt
+ (sd, IPPROTO_IPV6, IPV6_MTU_DISCOVER, _type, sizeof 
(mtu_type)))
+   msg (M_ERR, "Error setting IPV6_MTU_DISCOVER type=%d on TCP6/UDP6 
socket",
+mtu_type);
+ break;
 #endif
+   default:
+ msg (M_FATAL, MTUDISC_NOT_SUPPORTED_MSG);
+ break;
+   }
 }
 }

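Review bot: In the new `switch (proto_af)`, the `default:` branch is also where an AF_INET6 socket ends up on a platform that defines IP_MTU_DISCOVER but not IPV6_MTU_DISCOVER, and where any other address family ends up, and it exits through M_FATAL with "--mtu-disc is not supported on this OS". A message that names the address family would tell the user which case is unsupported. The same `mtu_type` value is passed to both IP_MTU_DISCOVER and IPV6_MTU_DISCOVER, which assumes both options accept the same constants; a comment stating that assumption would help.
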
diff --git a/src/openvpn/mtu.h b/src/openvpn/mtu.h
index bccd681..f94de89 100644
--- a/src/openvpn/mtu.h
+++ b/src/openvpn/mtu.h
@@ -207,7 +207,7 @@ void frame_print (const struct frame *frame,
  int level,
  const char *prefix);

-void set_mtu_discover_type (int sd, int mtu_type);
+void set_mtu_discover_type (int sd, int mtu_type, sa_family_t proto_af);
 int translate_mtu_discover_type_name (const char *name);

 /*
diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c
index bd8dcb1..925665c 100644
--- a/src/openvpn/socket.c
+++ b/src/openvpn/socket.c
@@ -1676,7 +1676,7 @@ phase2_set_socket_flags (struct link_socket* sock)
 set_cloexec (sock->ctrl_sd);

   /* set Path MTU discovery options on the socket */
-  set_mtu_discover_type (sock->sd, sock->mtu_discover_type);
+  set_mtu_discover_type (sock->sd, sock->mtu_discover_type, sock->info.af);

 #if EXTENDED_SOCKET_ERROR_CAPABILITY
   /* if the OS supports it, enable extended error passing on the socket */
-- 
1.9.5 (Apple Git-50.3)




Re: [Openvpn-devel] [PATCH applied] Re: Fast recovery when host is in unreachable network

2015-10-10 Thread Gert Doering
Hi,

On Sat, Oct 10, 2015 at 11:10:10AM +0200, Gert Doering wrote:
> Your patch has been applied to the master branch.

And *blam* it explodes if --disable-crypto is used...

gcc -DHAVE_CONFIG_H -I. -I../.. -I../../include  -I../../include
+-I../../src/compat -g -O2 -MT forward.o -MD -MP -MF
+.deps/forward.Tpo -c -o forward.o forward.c
forward.c: In function 'process_outgoing_link':
forward.c:1203: error: 'struct context_2' has no member named 'tls_multi'
*** [forward.o] Error code 1


Waiting for an update :-)

gert

-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de




[Openvpn-devel] [PATCH applied] Re: Fast recovery when host is in unreachable network

2015-10-10 Thread Gert Doering
Your patch has been applied to the master branch.

commit 99daa6b19270775006f034f21936c98a9005477d
Author: Lev Stipakov
List-Post: openvpn-devel@lists.sourceforge.net
Date:   Mon Mar 2 19:58:31 2015 +0200

 Fast recovery when host is in unreachable network

 Acked-by: Arne Schwabe 
 Message-Id: <1425319111-21291-1-git-send-email-lstipa...@gmail.com>
 URL: http://article.gmane.org/gmane.network.openvpn.devel/9498
 Signed-off-by: Gert Doering 


--
kind regards,

Gert Doering




Re: [Openvpn-devel] [PATCH] Update expiry date in management event loop

2015-10-10 Thread Arne Schwabe
On 22.01.14 at 09:27, Thomas Veerman wrote:
> When there are events from the management console with an interval shorter
> than 1 second, the event loop never stops as it keeps resetting event_wait.
> 

ACK. It is a strange corner case and the patch does not change behaviour
otherwise.

Arne