[Openvpn-devel] [PATCH] Remove support for snappy compression.
LZ4 is using less CPU at similar performance, and it is easier to build and support for binary installs (as it does not require C++ and a C++ runtime). Since it was never supported in any formally released OpenVPN version, just drop it again. This leaves in the compression opcode for Snappy for documentation purposes. trac #617 Signed-off-by: Gert Doering--- configure.ac| 48 doc/openvpn.8 | 6 +- src/openvpn/Makefile.am | 3 - src/openvpn/comp.c | 11 --- src/openvpn/comp.h | 11 +-- src/openvpn/init.c | 6 +- src/openvpn/options.c | 10 --- src/openvpn/snappy.c| 189 src/openvpn/snappy.h| 39 -- src/openvpn/syshead.h | 2 +- 10 files changed, 9 insertions(+), 316 deletions(-) delete mode 100644 src/openvpn/snappy.c delete mode 100644 src/openvpn/snappy.h diff --git a/configure.ac b/configure.ac index 2e651d8..77b4915 100644 --- a/configure.ac +++ b/configure.ac @@ -66,12 +66,6 @@ AC_ARG_ENABLE( [enable_lzo="yes"] ) -AC_ARG_ENABLE(snappy, - [ --disable-snappyDisable Snappy compression support], - [enable_snappy="$enableval"], - [enable_snappy="yes"] -) - AC_ARG_ENABLE(lz4, [ --disable-lz4 Disable LZ4 compression support], [enable_lz4="$enableval"], 
@@ -952,45 +946,6 @@ if test "${have_lzo}" = "yes"; then fi dnl -dnl check for Snappy library -dnl - -AC_ARG_VAR([SNAPPY_CFLAGS], [C compiler flags for snappy]) -AC_ARG_VAR([SNAPPY_LIBS], [linker flags for snappy]) -if test "$enable_snappy" = "yes" && test "$enable_comp_stub" = "no"; then -AC_CHECKING([for Snappy Library and Header files]) -havesnappylib=1 - -# if SNAPPY_LIBS is set, we assume it will work, otherwise test -if test -z "${SNAPPY_LIBS}"; then - AC_CHECK_LIB(snappy, snappy_compress, - [ SNAPPY_LIBS="-lsnappy" ], - [ - AC_MSG_RESULT([Snappy library not found.]) - havesnappylib=0 - ]) -fi - -saved_CFLAGS="${CFLAGS}" -CFLAGS="${CFLAGS} ${SNAPPY_CFLAGS}" -AC_CHECK_HEADERS(snappy-c.h, - , - [ - AC_MSG_RESULT([Snappy headers not found.]) - havesnappylib=0 - ]) - -if test $havesnappylib = 0 ; then - AC_MSG_RESULT([Snappy library available from http://code.google.com/p/snappy/]) -AC_MSG_ERROR([Or try ./configure --disable-snappy OR ./configure --enable-comp-stub]) -fi -OPTIONAL_SNAPPY_CFLAGS="${SNAPPY_CFLAGS}" -OPTIONAL_SNAPPY_LIBS="${SNAPPY_LIBS}" -AC_DEFINE(ENABLE_SNAPPY, 1, [Enable Snappy compression library]) -CFLAGS="${saved_CFLAGS}" -fi - -dnl dnl check for LZ4 library dnl @@ -1154,7 +1109,6 @@ if test "${enable_lzo}" = "yes"; then fi if test "${enable_comp_stub}" = "yes"; then test "${enable_lzo}" = "yes" && AC_MSG_ERROR([Cannot have both comp stub and lzo enabled (use --disable-lzo)]) - test "${enable_snappy}" = "yes" && AC_MSG_ERROR([Cannot have both comp stub and snappy enabled (use --disable-snappy)]) test "${enable_lz4}" = "yes" && AC_MSG_ERROR([Cannot have both comp stub and LZ4 enabled (use --disable-lz4)]) AC_DEFINE([ENABLE_COMP_STUB], [1], [Enable compression stub capability]) fi 
@@ -1220,8 +1174,6 @@ AC_SUBST([OPTIONAL_CRYPTO_CFLAGS]) AC_SUBST([OPTIONAL_CRYPTO_LIBS]) AC_SUBST([OPTIONAL_LZO_CFLAGS]) AC_SUBST([OPTIONAL_LZO_LIBS]) -AC_SUBST([OPTIONAL_SNAPPY_CFLAGS]) -AC_SUBST([OPTIONAL_SNAPPY_LIBS]) AC_SUBST([OPTIONAL_LZ4_CFLAGS]) AC_SUBST([OPTIONAL_LZ4_LIBS]) AC_SUBST([OPTIONAL_SYSTEMD_LIBS]) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 829b09c..3a86409 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -2495,9 +2495,9 @@ Enable a compression algorithm. The .B algorithm -parameter may be "snappy", "lzo", "lz4", or empty. Snappy, LZO and LZ4 -are different compression algorithms, with Snappy generally -offering the best performance while LZ4 is faster with less CPU usage. +parameter may be "lzo", "lz4", or empty. LZO and LZ4 +are different compression algorithms, with LZ4 generally +offering the best performance with least CPU usage. For backwards compatibility with OpenVPN versions before 2.4, use "lzo" (which is identical to the older option "\-\-comp\-lzo yes"). diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am index d089f50..c840f16 100644 --- a/src/openvpn/Makefile.am +++ b/src/openvpn/Makefile.am @@ -26,7 +26,6 @@ AM_CFLAGS = \ $(TAP_CFLAGS) \ $(OPTIONAL_CRYPTO_CFLAGS) \ $(OPTIONAL_LZO_CFLAGS) \ - $(OPTIONAL_SNAPPY_CFLAGS) \ $(OPTIONAL_LZ4_CFLAGS) \ $(OPTIONAL_PKCS11_HELPER_CFLAGS) if WIN32 @@ -102,7 +101,6 @@ openvpn_SOURCES = \ session_id.c session_id.h \ shaper.c shaper.h \ sig.c sig.h \ - snappy.c snappy.h \ socket.c socket.h \ socks.c socks.h \ ssl.c ssl.h
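Review bot: In the doc/openvpn.8 hunk, "snappy" is dropped from the accepted values of the algorithm parameter without a word on what happens to a configuration that still names it. Since the commit message says the Snappy opcode is kept for documentation, the man page should state that "snappy" is no longer accepted and that such setups must move to "lz4" or "lzo". In the same hunk, "with least CPU usage" reads better as "with the least CPU usage". In configure.ac, removing AC_ARG_ENABLE(snappy) means build scripts that still pass --disable-snappy only get autoconf's unrecognized-option warning; that deserves a line in the commit message.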
Re: [Openvpn-devel] [PATCH] Fix trac ticket #569
On 10.10.15 at 18:12, janj...@nikhef.nl wrote:
> From: janjust
>
> Fix trac ticket #569 "White space before end tags can break the config parser"
> https://community.openvpn.net/openvpn/ticket/569
>

ACK from me.

Arne
[Openvpn-devel] [PATCH] Fix trac ticket #569
From: janjustFix trac ticket #569 "White space before end tags can break the config parser" https://community.openvpn.net/openvpn/ticket/569 --- src/openvpn/options.c |5 - 1 files changed, 4 insertions(+), 1 deletions(-) diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 7906f46..11e327c 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -3694,13 +3694,16 @@ static char * read_inline_file (struct in_src *is, const char *close_tag, struct gc_arena *gc) { char line[OPTION_LINE_SIZE]; + char *line_ptr = line; struct buffer buf = alloc_buf (8*OPTION_LINE_SIZE); char *ret; bool endtagfound = false; while (in_src_get (is, line, sizeof (line))) { - if (!strncmp (line, close_tag, strlen (close_tag))) + /* Remove leading spaces */ + while (isspace(*line_ptr)) line_ptr++; + if (!strncmp (line_ptr, close_tag, strlen (close_tag))) { endtagfound = true; break; -- 1.7.1
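Review bot: In read_inline_file, line_ptr is set only once, at its declaration (char *line_ptr = line;), and is never reset inside the while loop. After the first line with leading whitespace, every later line is compared starting at a stale offset, so a close tag can be missed and the isspace loop can read bytes left over from an earlier, longer line. Assign line_ptr = line at the top of each iteration, before skipping whitespace. isspace(*line_ptr) should also be called as isspace((unsigned char)*line_ptr), because passing a negative plain char is undefined behaviour and inline files are not guaranteed to be pure ASCII.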
[Openvpn-devel] [PATCH v3] Send push reply right after async auth complete
v3: * better comments * better variable naming * include sys/inotify.h if HAVE_SYS_INOTIFY_H is defined v2: More careful inotify_watchers handling * Ensure that same multi_instance is added only once * Ensure that multi_instance is always removed v1: This feature speeds up connection establishment in cases when async authentication result is not ready when first push request arrives. At the moment server sends push reply only when it receives next push request, which comes 5 seconds later. Implementation overview. Add new configure option ENABLE_ASYNC_PUSH, which can be enabled if system supports inotify. Add inotify descriptor to an event loop. Add inotify watch for a authentication control file. Store mapping between watch descriptor and multi_instance in a dictionary. When file is closed, inotify fires an event and we continue with connection establishment - call client- connect etc and send push reply. Inotify watch descriptor got automatically deleted after file is closed or when file is removed. We catch that event and remove it from the dictionary. Feature is easily tested with sample "defer" plugin and following settings: auth-user-pass-optional setenv test_deferred_auth 3 plugin simple.so Signed-off-by: Lev StipakovAdd doxygen comment --- configure.ac | 15 + src/openvpn/forward.c | 8 +++ src/openvpn/mtcp.c| 28 + src/openvpn/mudp.c| 27 + src/openvpn/multi.c | 155 +- src/openvpn/multi.h | 21 +++ src/openvpn/openvpn.h | 10 src/openvpn/push.c| 69 +- src/openvpn/push.h| 2 + 9 files changed, 304 insertions(+), 31 deletions(-) diff --git a/configure.ac b/configure.ac index 2e651d8..32620c6 100644 --- a/configure.ac +++ b/configure.ac 
@@ -277,6 +277,13 @@ AC_ARG_ENABLE( [enable_systemd="no"] ) +AC_ARG_ENABLE( + [async-push], + [AS_HELP_STRING([--enable-async-push], [enable async-push support @<:@default=no@:>@])], + [enable_async_push="yes"], + [enable_async_push="no"] +) + AC_ARG_WITH( [special-build], [AS_HELP_STRING([--with-special-build=STRING], [specify special build string])], @@ -1201,6 +1208,14 @@ if test "${enable_plugin_auth_pam}" = "yes"; then fi fi +if test "${enable_async_push}" = "yes"; then + AC_CHECK_HEADERS( + [sys/inotify.h], + AC_DEFINE([ENABLE_ASYNC_PUSH], [1], [Enable async push]), + AC_MSG_ERROR([inotify.h not found.]) + ) +fi + CONFIGURE_DEFINES="`set | grep '^enable_.*=' ; set | grep '^with_.*='`" AC_DEFINE_UNQUOTED([CONFIGURE_DEFINES], ["`echo ${CONFIGURE_DEFINES}`"], [Configuration settings]) diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 7a5d383..f89c5bc 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -1371,6 +1371,9 @@ io_wait_dowork (struct context *c, const unsigned int flags) #ifdef ENABLE_MANAGEMENT static int management_shift = 6; /* depends on MANAGEMENT_READ and MANAGEMENT_WRITE */ #endif +#ifdef ENABLE_ASYNC_PUSH + static int file_shift = 8; /* listening inotify events */ +#endif /* * Decide what kind of events we want to wait for. @@ -1465,6 +1468,11 @@ io_wait_dowork (struct context *c, const unsigned int flags) management_socket_set (management, c->c2.event_set, (void*)_shift, NULL); #endif +#ifdef ENABLE_ASYNC_PUSH + /* arm inotify watcher */ + event_ctl (c->c2.event_set, c->c2.inotify_fd, EVENT_READ, (void*)_shift); +#endif + /* * Possible scenarios: * (1) tcp/udp port has data available to read diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c index dc15f09..b27c5eb 100644 --- a/src/openvpn/mtcp.c +++ b/src/openvpn/mtcp.c 
@@ -62,6 +62,10 @@ # define MTCP_MANAGEMENT ((void*)4) #endif +#ifdef ENABLE_ASYNC_PUSH +#define MTCP_FILE_CLOSE_WRITE ((void*)5) +#endif + #define MTCP_N ((void*)16) /* upper bound on MTCP_x */ struct ta_iow_flags @@ -245,6 +249,12 @@ multi_tcp_wait (const struct context *c, if (management) management_socket_set (management, mtcp->es, MTCP_MANAGEMENT, >management_persist_flags); #endif + +#ifdef ENABLE_ASYNC_PUSH + /* arm inotify watcher */ + event_ctl (mtcp->es, c->c2.inotify_fd, EVENT_READ, MTCP_FILE_CLOSE_WRITE); +#endif + status = event_wait (mtcp->es, >c2.timeval, mtcp->esr, mtcp->maxevents); update_time (); mtcp->n_esr = 0; @@ -636,6 +646,12 @@ multi_tcp_process_io (struct multi_context *m) { get_signal (>top.sig->signal_received); } +#ifdef ENABLE_ASYNC_PUSH + else if (e->arg == MTCP_FILE_CLOSE_WRITE) + { + multi_process_file_closed (m, MPP_PRE_SELECT | MPP_RECORD_TOUCH); + } +#endif } if (IS_SIG (>top)) break; @@ -684,6 +700,14 @@ tunnel_server_tcp (struct context *top) /* finished with initialization */
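Review bot: In the configure.ac hunk, the action-if-given of AC_ARG_ENABLE([async-push]) is [enable_async_push="yes"], so --disable-async-push and --enable-async-push=no both switch the feature on; use [enable_async_push="$enableval"], as the lz4 option in this file does. In the forward.c and mtcp.c hunks, event_ctl arms c->c2.inotify_fd on every pass whenever ENABLE_ASYNC_PUSH is defined, and the visible lines do not show where that descriptor is created. Please confirm it is a valid descriptor (or that the call is skipped) when the context is not a multi-client server, and note that in the "arm inotify watcher" comment.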
Re: [Openvpn-devel] [PATCH: tap-windows6] Added CONTRIBUTING.rst
Hi,

On Sat, Oct 10, 2015 at 04:36:24PM +0300, sam...@openvpn.net wrote:
From: Samuli Seppänen
Signed-off-by: Samuli Seppänen

Sounds good to me. I'm not sure if I have formal authority for tap-windows6, but anyway "ACK" :-)

gert

Pushed to tap-windows6.

--
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc
irc freenode net: mattock
Re: [Openvpn-devel] [PATCH: openvpn-build] Added CONTRIBUTING.rst
Hi,

On Sat, Oct 10, 2015 at 04:38:36PM +0300, sam...@openvpn.net wrote:
From: Samuli Seppänen
Signed-off-by: Samuli Seppänen
---
CONTRIBUTING.rst | 25 +
1 file changed, 25 insertions(+)
create mode 100644 CONTRIBUTING.rst

Looks good to me. ACK, if I may :)

gert

Pushed to openvpn-build.

--
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc
irc freenode net: mattock
[Openvpn-devel] [PATCH applied] Re: Add CONTRIBUTING.rst
Your patch has been applied to the master and release/2.3 branch.

commit 0c1d92291e4c1829bf503067e1f9d39328d01ee9 (master)
commit 6c45f8c9c268910da104b25e242c6465bb0bb54a (release/2.3)
Author: Samuli Seppänen
Date: Sat Oct 10 16:41:14 2015 +0300

    Add CONTRIBUTING.rst

    Signed-off-by: Samuli Seppänen
    Acked-by: Gert Doering
    Message-Id: <184474-6471-1-git-send-email-sam...@openvpn.net>
    Signed-off-by: Gert Doering

--
kind regards,

Gert Doering
Re: [Openvpn-devel] [PATCH: openvpn-build] Added CONTRIBUTING.rst
Hi,

On Sat, Oct 10, 2015 at 04:38:36PM +0300, sam...@openvpn.net wrote:
> From: Samuli Seppänen
>
> Signed-off-by: Samuli Seppänen
> ---
> CONTRIBUTING.rst | 25 +
> 1 file changed, 25 insertions(+)
> create mode 100644 CONTRIBUTING.rst

Looks good to me. ACK, if I may :)

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
Re: [Openvpn-devel] [PATCH: tap-windows6] Added CONTRIBUTING.rst
Hi,

On Sat, Oct 10, 2015 at 04:36:24PM +0300, sam...@openvpn.net wrote:
> From: Samuli Seppänen
>
> Signed-off-by: Samuli Seppänen

Sounds good to me. I'm not sure if I have formal authority for tap-windows6, but anyway "ACK" :-)

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
[Openvpn-devel] [PATCH: openvpn] Add CONTRIBUTING.rst
From: Samuli SeppänenSigned-off-by: Samuli Seppänen --- CONTRIBUTING.rst | 30 ++ 1 file changed, 30 insertions(+) create mode 100644 CONTRIBUTING.rst diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst new file mode 100644 index 000..5004620 --- /dev/null +++ b/CONTRIBUTING.rst @@ -0,0 +1,30 @@ +CONTRIBUTING TO THE OPENVPN PROJECT +=== + +Patches should be written against the Git "master" branch. Some patches may get +backported to a release branch. + +We do not currently accept GitHub pull requests for the core OpenVPN project. +Instead, all patches must be sent to "openvpn-devel" mailing list for review: + +- https://lists.sourceforge.net/lists/listinfo/openvpn-devel + +The subject line should preferably be prefixed with [PATCH]. To avoid merging +issues the patches should be generated with git-format-patch or sent using +git-send-email. Try to split large patches into small, atomic pieces to make +reviews easier. + +If you want quick feedback on a patch before sending it to openvpn-devel mailing +list, you can visit the #openvpn-devel channel on irc.freenode.net. Note that +you need to be logged in to Freenode to join the channel: + +- http://freenode.net/faq.shtml#nicksetup + +More detailed contribution instructions are available here: + +- https://community.openvpn.net/openvpn/wiki/DeveloperDocumentation + +Note that the process for contributing to other OpenVPN projects such as +openvpn-build, openvpn-gui, tap-windows6 and easy-rsa may differ from what was +described above. Please refer to the contribution instructions of each +respective project. -- 2.1.4
[Openvpn-devel] [PATCH: tap-windows6] Added CONTRIBUTING.rst
From: Samuli SeppänenSigned-off-by: Samuli Seppänen --- CONTRIBUTING.rst | 26 ++ 1 file changed, 26 insertions(+) create mode 100644 CONTRIBUTING.rst diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst new file mode 100644 index 000..6ee5908 --- /dev/null +++ b/CONTRIBUTING.rst @@ -0,0 +1,26 @@ +Contributing to tap-windows6 + + +To contribute to tap-windows6 please send your patches to openvpn-devel mailing +list: + +- https://lists.sourceforge.net/lists/listinfo/openvpn-devel + +The subject line should look like this: + + [PATCH: tap-windows6] summary of the patch + +To avoid merging issues patches should be created with git-format-patch or sent +using git-send-email. The easiest way to add the subject line prefix is to use +this option: + + --subject-prefix='PATCH: tap-windows6' + +Patches that do not modify the actual driver code can be sent as GitHub pull +requests. Try to split large patches into small, atomic pieces to make reviews +and merging easier. + +If you want quick feedback on a patch, you can visit the #openvpn-devel channel +on Freenode. Note that you need to be logged in to join the channel: + +- http://freenode.net/faq.shtml#nicksetup -- 2.1.4
Re: [Openvpn-devel] [PATCH v2] Send push reply right after async auth complete
On 07/10/15 15:32, Lev Stipakov wrote: > v2: > More careful inotify_watchers handling > * Ensure that same multi_instance is added only once > * Ensure that multi_instance is always removed > > v1: > This feature speeds up connection establishment in cases when async > authentication result is not ready when first push request arrives. At > the moment server sends push reply only when it receives next push > request, which comes 5 seconds later. > > Implementation overview. > > Add new configure option ENABLE_ASYNC_PUSH, which can be enabled if > system supports inotify. > > Add inotify descriptor to an event loop. Add inotify watch for a > authentication control file. Store mapping between watch descriptor and > multi_instance in a dictionary. When file is closed, inotify fires an > event and we continue with connection establishment - call client- > connect etc and send push reply. > > Inotify watch descriptor got automatically deleted after file is closed > or when file is removed. We catch that event and remove it from the > dictionary. > > Feature is easily tested with sample "defer" plugin and following settings: > > auth-user-pass-optional > setenv test_deferred_auth 3 > plugin simple.so > > Signed-off-by: Lev Stipakov> --- > configure.ac | 15 + > src/openvpn/forward.c | 8 +++ > src/openvpn/mtcp.c| 28 ++ > src/openvpn/mudp.c| 27 + > src/openvpn/multi.c | 152 > +- > src/openvpn/multi.h | 14 + > src/openvpn/openvpn.h | 11 > src/openvpn/push.c| 69 +-- > src/openvpn/push.h| 2 + > 9 files changed, 295 insertions(+), 31 deletions(-) > [...snip...] > diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c > index 7a5d383..134905c 100644 > --- a/src/openvpn/forward.c > +++ b/src/openvpn/forward.c 
> @@ -1371,6 +1371,9 @@ io_wait_dowork (struct context *c, const unsigned int > flags) > #ifdef ENABLE_MANAGEMENT >static int management_shift = 6; /* depends on MANAGEMENT_READ and > MANAGEMENT_WRITE */ > #endif > +#ifdef ENABLE_ASYNC_PUSH > + static int file_shift = 8; > +#endif Can we please have a comment on what this 'file_shift' value means? Just a single line comment. Perhaps 'file_change' would be a better name? [...snip...] > diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c > index 57118f8..30ec345 100644 > --- a/src/openvpn/mudp.c > +++ b/src/openvpn/mudp.c > @@ -38,6 +38,10 @@ > > #include "memdbg.h" > > +#ifdef ENABLE_ASYNC_PUSH > +#include > +#endif > + Maybe HAVE_SYS_INOTIFY_H is better? [...snip...] > diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c > index 902c4dc..0da9ca7 100644 > --- a/src/openvpn/multi.c > +++ b/src/openvpn/multi.c > @@ -28,6 +28,11 @@ > #include "config-msvc.h" > #endif > > +#ifdef ENABLE_ASYNC_PUSH > +#include > +#define INOTIFY_EVENT_BUFFER_SIZE 16384 > +#endif > + Maybe HAVE_SYS_INOTIFY_H is better here too? > #include "syshead.h" > > #if P2MP_SERVER > @@ -243,6 +248,20 @@ cid_compare_function (const void *key1, const void *key2) > > #endif > > +#ifdef ENABLE_ASYNC_PUSH > +static uint32_t > +int_hash_function (const void *key, uint32_t iv) > +{ > + return (unsigned long)key; > +} > This looks very odd, but I understand it's required by hash_init(). Could you add a little remark about why this function looks so "useless"? [...snip...] > @@ -1877,6 +1932,14 @@ multi_connection_established (struct multi_context *m, > struct multi_instance *mi > > /* set context-level authentication flag */ > mi->context.c2.context_auth = CAS_SUCCEEDED; > + > +#ifdef ENABLE_ASYNC_PUSH > + /* authentication complete, send push reply */ > + if (mi->context.c2.push_request_received) > + { > + process_incoming_push_request(>context); > + } > +#endif > } >else > { 
> @@ -1906,6 +1969,54 @@ multi_connection_established (struct multi_context *m, > struct multi_instance *mi >mi->context.c2.push_reply_deferred = false; > } > > +#ifdef ENABLE_ASYNC_PUSH > +void > +multi_process_file_closed (struct multi_context *m, const unsigned int > mpp_flags) It would be great to see a more verbose doxygen comment here, explaining what this function do, why and who calls it in which situations. > +{ > + char buffer[INOTIFY_EVENT_BUFFER_SIZE]; > + size_t buffer_i = 0; > + int r = read (m->top.c2.inotify_fd, buffer, INOTIFY_EVENT_BUFFER_SIZE); > + > + while (buffer_i < r) > +{ > + /* parse inotify events */ > + struct inotify_event *pevent = (struct inotify_event *) > [buffer_i]; > + size_t event_size = sizeof (struct inotify_event) + pevent->len; > + buffer_i += event_size; > + > + msg(D_MULTI_DEBUG, "MULTI: modified fd %d, mask %d", pevent->wd, > pevent->mask); > + > + struct multi_instance* mi = hash_lookup(m->inotify_watchers, (void*) > (unsigned long)
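Review bot: In multi_process_file_closed, r is an int holding the return value of read() while buffer_i is a size_t, so when read() fails with -1 the test buffer_i < r converts r to a very large unsigned value and the loop parses the uninitialised stack buffer as inotify events. Return early (with a log message) when r <= 0. Inside the loop, check that buffer_i + sizeof (struct inotify_event) + pevent->len does not exceed r before using an event, so that a short read cannot push the cursor past the data actually received.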
Re: [Openvpn-devel] ipv6 env vars to client scripts
Hi Samuel,

I like the idea of patch https://community.openvpn.net/openvpn/attachment/ticket/230/patch, I think ifconfig_ipv6_pool_remote_ip is indeed useful - we use it in our production, too.

Here:

void +setenv_in6_addr_t (struct env_set *es, const char *name_prefix, struct in6_addr *addr, const bool flags) +{

"flags" should have type "const unsigned int" instead of "const bool".

Could you also rebase it on top of master - at the moment the first part of socket.c fails to apply.

-Lev

02.05.2014, 01:50, Samuel Thibault wrote:
David Sommerseth, on Fri 02 May 2014 01:39:05 +0200, wrote:
On 17/04/14 14:07, Lev Stipakov wrote:
Hello,

Are there any plans to support ipv6 env vars in client-connect/disconnect scripts?

There are at least 2 tickets on that feature:

https://community.openvpn.net/openvpn/ticket/230
https://community.openvpn.net/openvpn/ticket/369

Is there anything that prevents merging any of suggested patches to the master branch?

I don't think I've seen these patches on the mailing list (I'm going through the list now).

My patches were sent on 2013 May 24th on openvpn-devel.

Samuel
Re: [Openvpn-devel] ipv6 env vars to client scripts
Hi Samuel,

I like the idea of patch https://community.openvpn.net/openvpn/attachment/ticket/230/patch, I think ifconfig_ipv6_pool_remote_ip is indeed useful - we use it in our production, too.

Here:

void +setenv_in6_addr_t (struct env_set *es, const char *name_prefix, struct in6_addr *addr, const bool flags) +{

"flags" should have type "const unsigned int" instead of "const bool".

Could you also rebase it on top of master - at the moment the first part of socket.c fails to apply.

-Lev

2014-05-02 1:50 GMT+02:00 Samuel Thibault:
> David Sommerseth, on Fri 02 May 2014 01:39:05 +0200, wrote:
>> On 17/04/14 14:07, Lev Stipakov wrote:
>> > Hello,
>> >
>> > Are there any plans to support ipv6 env vars in
>> > client-connect/disconnect scripts?
>> >
>> > There are at least 2 tickets on that feature:
>> >
>> > https://community.openvpn.net/openvpn/ticket/230
>> > https://community.openvpn.net/openvpn/ticket/369
>> >
>> > Is there anything that prevents merging any of suggested patches to
>> > the master branch?
>>
>> I don't think I've seen these patches on the mailing list (I'm going through
>> the list now).
>
> My patches were sent on 2013 May 24th on openvpn-devel.
>
> Samuel

--
-Lev
[Openvpn-devel] [PATCH applied] Re: Fix compilcation error with --disable-crypto
Your patch has been applied to the master branch.

(I've taken the liberty to fix the typo in the commit message :) )

commit b05a453be5dd21326e79f42b0a363f2f23eaa29a
Author: Lev Stipakov
Date: Sat Oct 10 13:14:29 2015 +0300

    Fix compilation error with --disable-crypto

    Acked-by: Arne Schwabe
    Message-Id: <172069-32036-1-git-send-email-lstipa...@gmail.com>
    URL: http://article.gmane.org/gmane.network.openvpn.devel/10231
    Signed-off-by: Gert Doering

--
kind regards,

Gert Doering
Re: [Openvpn-devel] [PATCH] Fix compilcation error with --disable-crypto
On 10.10.15 at 12:14, Lev Stipakov wrote:
> Also disable behavior for static key setup.

ACK from.

Arne
[Openvpn-devel] [PATCH] Fix compilcation error with --disable-crypto
Also disable behavior for static key setup. --- src/openvpn/forward.c | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 513fbae..c17be35 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -1199,13 +1199,16 @@ process_outgoing_link (struct context *c) if (c->c2.buf.len > 0 ) register_activity (c, size); + +#ifdef ENABLE_CRYPTO /* for unreachable network and "connecting" state switch to the next host */ - if (size < 0 && ENETUNREACH == error_code && !tls_initial_packet_received (c->c2.tls_multi) - && c->options.mode == MODE_POINT_TO_POINT) + if (size < 0 && ENETUNREACH == error_code && c->c2.tls_multi && + !tls_initial_packet_received (c->c2.tls_multi) && c->options.mode == MODE_POINT_TO_POINT) { msg (M_INFO, "Network unreachable, restarting"); register_signal (c, SIGUSR1, "network-unreachable"); } +#endif } else { -- 1.9.1
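Review bot: The #ifdef ENABLE_CRYPTO added in process_outgoing_link wraps the whole ENETUNREACH block, so a --disable-crypto build loses the "Network unreachable, restarting" recovery altogether instead of only skipping the TLS test; consider guarding just the tls_multi part of the condition. The new c->c2.tls_multi && check also changes behaviour for static key setups, which the one-line message mentions but does not explain; please say why the restart is skipped when tls_multi is not set. The patch carries no Signed-off-by line.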
[Openvpn-devel] [PATCH applied] Re: Fix --mtu-disc option with IPv6 transport
ACK (to v2).

Your patch has been applied to the master branch.

commit 2bed089d31a12c2d0277e36a64964ebab6640f75
Author: Julien Muchembled
Date: Sat Oct 10 11:44:51 2015 +0200

    Fix --mtu-disc option with IPv6 transport

    Signed-off-by: Julien Muchembled
    Acked-by: Arne Schwabe
    Acked-by: Gert Doering
    Message-Id: <170291-2980-1-git-send-email-a...@rfc2549.org>
    URL: http://article.gmane.org/gmane.network.openvpn.devel/10229
    Signed-off-by: Gert Doering

--
kind regards,

Gert Doering
[Openvpn-devel] [[Patch V2]] Fix --mtu-disc option with IPv6 transport
From: Julien MuchembledSocket configuration of MTU discovery was done unconditionally at IP level, which has no effect for other protocols. This fixes the issue of OpenVPN sending fragmented tcp6/udp6 packets even when 'mtu-disc yes' option is passed. Patch V2 (by Arne Schwabe): Rebase to current master and have separate #ifdefs for IPv4 an IPv6 Signed-off-by: Julien Muchembled --- src/openvpn/mtu.c| 29 ++--- src/openvpn/mtu.h| 2 +- src/openvpn/socket.c | 2 +- 3 files changed, 24 insertions(+), 9 deletions(-) diff --git a/src/openvpn/mtu.c b/src/openvpn/mtu.c index 3665a34..24531c9 100644 --- a/src/openvpn/mtu.c +++ b/src/openvpn/mtu.c @@ -153,17 +153,32 @@ frame_print (const struct frame *frame, #define MTUDISC_NOT_SUPPORTED_MSG "--mtu-disc is not supported on this OS" void -set_mtu_discover_type (int sd, int mtu_type) +set_mtu_discover_type (int sd, int mtu_type, sa_family_t proto_af) { if (mtu_type >= 0) { -#if defined(HAVE_SETSOCKOPT) && defined(SOL_IP) && defined(IP_MTU_DISCOVER) - if (setsockopt (sd, SOL_IP, IP_MTU_DISCOVER, (void *) _type, sizeof (mtu_type))) - msg (M_ERR, "Error setting IP_MTU_DISCOVER type=%d on TCP/UDP socket", -mtu_type); -#else - msg (M_FATAL, MTUDISC_NOT_SUPPORTED_MSG); + switch (proto_af) + { +#if defined(HAVE_SETSOCKOPT) && defined(IP_MTU_DISCOVER) + case AF_INET: + if (setsockopt + (sd, IPPROTO_IP, IP_MTU_DISCOVER, _type, sizeof (mtu_type))) + msg (M_ERR, "Error setting IP_MTU_DISCOVER type=%d on TCP/UDP socket", +mtu_type); + break; +#endif +#if defined(HAVE_SETSOCKOPT) && defined(IPV6_MTU_DISCOVER) + case AF_INET6: + if (setsockopt + (sd, IPPROTO_IPV6, IPV6_MTU_DISCOVER, _type, sizeof (mtu_type))) + msg (M_ERR, "Error setting IPV6_MTU_DISCOVER type=%d on TCP6/UDP6 socket", +mtu_type); + break; #endif + default: + msg (M_FATAL, MTUDISC_NOT_SUPPORTED_MSG); + break; + } } } diff --git a/src/openvpn/mtu.h b/src/openvpn/mtu.h index bccd681..f94de89 100644 --- a/src/openvpn/mtu.h +++ b/src/openvpn/mtu.h 
@@ -207,7 +207,7 @@ void frame_print (const struct frame *frame, int level, const char *prefix); -void set_mtu_discover_type (int sd, int mtu_type); +void set_mtu_discover_type (int sd, int mtu_type, sa_family_t proto_af); int translate_mtu_discover_type_name (const char *name); /* diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index bd8dcb1..925665c 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -1676,7 +1676,7 @@ phase2_set_socket_flags (struct link_socket* sock) set_cloexec (sock->ctrl_sd); /* set Path MTU discovery options on the socket */ - set_mtu_discover_type (sock->sd, sock->mtu_discover_type); + set_mtu_discover_type (sock->sd, sock->mtu_discover_type, sock->info.af); #if EXTENDED_SOCKET_ERROR_CAPABILITY /* if the OS supports it, enable extended error passing on the socket */ -- 1.9.5 (Apple Git-50.3)
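Review bot: In set_mtu_discover_type, the default: branch of the new switch now covers two different situations, a platform without IP_MTU_DISCOVER or IPV6_MTU_DISCOVER and an unexpected proto_af value, and both end in M_FATAL with "--mtu-disc is not supported on this OS". Include proto_af in the message so that a socket whose info.af is not AF_INET or AF_INET6 when phase2_set_socket_flags runs can be told apart from a missing platform feature. For an AF_INET6 socket only IPV6_MTU_DISCOVER is set; please state in the commit message whether IPv4-mapped traffic on such a socket is meant to be covered.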
Re: [Openvpn-devel] [PATCH applied] Re: Fast recovery when host is in unreachable network
Hi,

On Sat, Oct 10, 2015 at 11:10:10AM +0200, Gert Doering wrote:
> Your patch has been applied to the master branch.

And *blam* it explodes if --disable-crypto is used...

gcc -DHAVE_CONFIG_H -I. -I../.. -I../../include -I../../include
+-I../../src/compat -g -O2 -MT forward.o -MD -MP -MF
+.deps/forward.Tpo -c -o forward.o forward.c
forward.c: In function 'process_outgoing_link':
forward.c:1203: error: 'struct context_2' has no member named 'tls_multi'
*** [forward.o] Error code 1

Waiting for an update :-)

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
[Openvpn-devel] [PATCH applied] Re: Fast recovery when host is in unreachable network
Your patch has been applied to the master branch.

commit 99daa6b19270775006f034f21936c98a9005477d
Author: Lev Stipakov
Date: Mon Mar 2 19:58:31 2015 +0200

    Fast recovery when host is in unreachable network

    Acked-by: Arne Schwabe
    Message-Id: <1425319111-21291-1-git-send-email-lstipa...@gmail.com>
    URL: http://article.gmane.org/gmane.network.openvpn.devel/9498
    Signed-off-by: Gert Doering

--
kind regards,

Gert Doering
Re: [Openvpn-devel] [PATCH] Update expiry date in management event loop
On 22.01.14 at 09:27, Thomas Veerman wrote:
> When there are events from the management console with an interval shorter
> than 1 second, the event loop never stops as it keeps resetting event_wait.
>

ACK. It is a strange corner case and the patch does not change behaviour otherwise.

Arne