[Openvpn-devel] [PATCH v3] sample-plugins: Partially autotoolize the sample-plugins build

2020-09-15 Thread David Sommerseth
The sample-plugins have their own set of build/winbuild scripts in each
of these plugin directories.  This does not give a good way to reuse
various macros the autoconf/automake/configure process enables; which
can contain important macros to make some code build without errors or
warnings.

Normally we would embrace the full autoconf/automake approach. But this
is sample code which we only want to build per request and the built
code should not be installed anywhere via 'make install'.  But since we
do use libtool for other plug-ins being installed and automake gets kind of
cranky when it comes to defining certain build targets not following the
expected use cases, we try to only embrace just enough of automake to
get our main goals achieved.

This changeset kicks out the build scripts and replaces them with a
single Makefile.plugins file, which defines the plugins we want to build
by default when running 'make' from the sample-plugins directory.
Neither of these plugins are otherwise built by default.  No sample-plugins
are being installed.  But we have enough strings attached to automake
to grab the CFLAGS and LDFLAGS used by the rest of the code.  This also
makes it easy to use #include "config.h" in sample code, to also get
various macros defined by the ./configure run.

This patch does not touch the winbuild scripts, as it seems building
these sample-plugins on Windows requires a bit different compile and
linking steps than *nix systems in general.

Signed-off-by: David Sommerseth 

---
v2 - Process README files with correct instructions and details
v3 - Add missing -I$(top_srcdir)/include and explicitly state GNU Make
 requirement
---
 configure.ac  |  1 +
 sample/sample-plugins/Makefile.am | 30 +++
 sample/sample-plugins/Makefile.plugins| 31 
 sample/sample-plugins/README  | 37 +++
 sample/sample-plugins/defer/README| 16 
 sample/sample-plugins/defer/build | 15 
 .../keying-material-exporter-demo/build   | 15 
 sample/sample-plugins/log/build   | 15 
 sample/sample-plugins/simple/README   | 16 
 sample/sample-plugins/simple/build| 15 
 10 files changed, 99 insertions(+), 92 deletions(-)
 create mode 100644 sample/sample-plugins/Makefile.am
 create mode 100644 sample/sample-plugins/Makefile.plugins
 create mode 100644 sample/sample-plugins/README
 delete mode 100644 sample/sample-plugins/defer/README
 delete mode 100755 sample/sample-plugins/defer/build
 delete mode 100755 sample/sample-plugins/keying-material-exporter-demo/build
 delete mode 100755 sample/sample-plugins/log/build
 delete mode 100644 sample/sample-plugins/simple/README
 delete mode 100755 sample/sample-plugins/simple/build

diff --git a/configure.ac b/configure.ac
index f8279924..ebb32204 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1433,6 +1433,7 @@ AC_CONFIG_FILES([
doc/doxygen/Makefile
doc/doxygen/openvpn.doxyfile
include/Makefile
+   sample/sample-plugins/Makefile
src/Makefile
src/compat/Makefile
src/openvpn/Makefile
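Review bot: the new `sample/sample-plugins/Makefile` entry in AC_CONFIG_FILES is the only hook into the parent build that this patch shows; the diffstat touches no parent Makefile.am. If the directory is deliberately kept out of SUBDIRS so that nothing is built by default, please confirm that Makefile.plugins and the new README still end up in the 'make dist' tarball and that 'make distclean' removes the generated Makefile, and mention the outcome in the commit message.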
diff --git a/sample/sample-plugins/Makefile.am 
b/sample/sample-plugins/Makefile.am
new file mode 100644
index ..657764a6
--- /dev/null
+++ b/sample/sample-plugins/Makefile.am
@@ -0,0 +1,30 @@
+#
+#  OpenVPN -- An application to securely tunnel IP networks
+# over a single UDP port, with support for SSL/TLS-based
+# session authentication and key exchange,
+# packet encryption, packet authentication, and
+# packet compression.
+#
+#  Copyright (C) 2002-2020 OpenVPN Inc 
+#
+
+MAINTAINERCLEANFILES = \
+   $(srcdir)/Makefile.in
+
+AM_CPPFLAGS = -I$(top_srcdir) -I$(top_srcdir)/include
+
+# We don't want automake to pull in libtool for building these
+# sample-plugins.  Even though this breaks the conceptual ideas
+# around autoconf/automake/libtools ... these sample plug-ins
+# are just sample code, not to be installed or distributed outside
+# of the source tarball.  Not even built by default, by design.
+#
+# We only add this as a simple and convenient way to build all
+# these plug-ins with the same build parameters as the rest
+# of the OpenVPN code.
+#
+# All the plugins which will be built are processed in this
+# separate Makefile, which disconnects everything just enough
+# to achieve our goal.
+include Makefile.plugins
+
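Review bot: AM_CPPFLAGS, set in `AM_CPPFLAGS = -I$(top_srcdir) -I$(top_srcdir)/include`, is only applied automatically by compile rules that automake generates, and this file declares no automake targets before handing over with `include Makefile.plugins`. The rules in Makefile.plugins therefore need to expand $(AM_CPPFLAGS) themselves, otherwise the include path added in v3 has no effect. The comment block above the include would also be a good place to state the GNU Make requirement from the v3 changelog, and the trailing empty line at the end of the file can be dropped.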
diff --git a/sample/sample-plugins/Makefile.plugins 
b/sample/sample-plugins/Makefile.plugins
new file mode 100644
index ..d19aa5bb
--- /dev/null
+++ b/sample/sample-plugins/Makefile.plugins
@@ -0,0 +1,31 @@
+#  SPDX-License-Identifier: GPL-2.0-only
+#
+#  Copyright (C) 2020 OpenVPN Inc 
+#
+
+#
+# Plug-ins to build - listed entries should not carry any extensions
+#
+PLUGINS = \
+   defer/simple \
+   keying-material-exporter-demo/keyingmaterialexpor
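Review bot: the comment above PLUGINS says entries carry no extension, but not what they are relative to or which suffixes the rules append. Since entries such as `defer/simple` include a subdirectory, please spell out that they are paths below sample/sample-plugins naming a C source file. On style: this file opens with an SPDX tag while Makefile.am in the same patch uses the long-form project banner; one header style for both new files would be cleaner.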

Re: [Openvpn-devel] [PATCH v2] sample-plugins: Partially autotoolize the sample-plugins build

2020-09-15 Thread David Sommerseth
On 15/09/2020 12:22, Gert Doering wrote:
> Hi,
> 
> On Mon, Sep 14, 2020 at 02:27:21PM +0200, David Sommerseth wrote:
>> The sample-plugins have their own set of build/winbuild scripts in each
>> of these plugin directories.  This does not give a good way to reuse
>> various macros the autoconf/automake/configure process enables; which
>> can contain important macros to make some code build without errors or
>> warnings.
> 
> This looks like a step in the right direction, but is not fully working
> yet - I tried both an "in-tree" and "out of tree" build, and it fails
> compilation with
> 
> sample-plugins$ gmake
> test -d `dirname defer/simple.o` || ../../../openvpn/./install-sh -c -d `dirname defer/simple.o`; \
> cc -c -o defer/simple.o -Wall -Wno-unused-parameter -Wno-unused-function -g -O2 -std=c99 -I../../../openvpn -fPIC ../../../openvpn/sample/sample-plugins/defer/simple.c
> ../../../openvpn/sample/sample-plugins/defer/simple.c:58:10: fatal error: 'openvpn-plugin.h' file not found
> #include "openvpn-plugin.h"
>  ^~
> 1 error generated.
> 
> 
> openvpn-plugin.h is installed if you install openvpn first, but if
> you only build in tree, it seems to need an extra 
> 
>   -I$(top_srcdir)/include
> 
> to find openvpn-plugin.h

Hmmm ... I would have expected that to be picked up automatically, but clearly
didn't watch the compile arguments carefully enough.

> It also needs gmake - running "make" will do "nothing at all", which
> I found surprising, but did not investigate more closely.  This is likely
> due to implicit rules that need to be written differently for BSD make.

Yikes ... I see potentially two issues here.  BSD Make seems to lack support
for $(foreach ...) and it does not grok '%.so : %.o' (which is Make "macro
magic" to simplify rule writing).  To avoid this and make it BSD Make
compatible, we would probably need to go full-fledged automake - pulling in
libtools (and the awkward .libs directories, .la/.lo files, etc, etc).

So if we're fine with reducing this to GNU Make only, the change is trivial.

> I do not think this is a serious issue - just document it in the README,
> and it's still better than 4 individual "build" files, half of which
> were missing the needed "-I" as well :-)

New updated patch coming very soon.

-- 
kind regards,

David Sommerseth
OpenVPN Inc




___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel


[Openvpn-devel] [PATCH applied] Re: Fix netbits setting (in TAP mode) for IPv6 on Windows.

2020-09-15 Thread Gert Doering
Patch has been applied to the master and release/2.5 branch.

(Due to build pains I have not tested this on Win7 yet, but
will do so with the upcoming beta5 installer - I do not expect
any surprises, though)

commit 81b6a7e75b343e324a44b4476c89c596d7b6c74b (master)
commit 859952560aff6d4442cdfa0c41ced494e9dc397e (release/2.5)
Author: Gert Doering
Date:   Tue Sep 15 11:41:01 2020 +0200

 Fix netbits setting (in TAP mode) for IPv6 on Windows.

 Signed-off-by: Gert Doering 
 Acked-by: Lev Stipakov 
 Message-Id: <20200915094101.86470-1-g...@greenie.muc.de>
 URL: 
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21008.html
 Signed-off-by: Gert Doering 


--
kind regards,

Gert Doering





Re: [Openvpn-devel] [PATCH] Allow --dhcp-option in config file when windows-driver is wintun

2020-09-15 Thread Selva Nair
Hi

On Tue, Sep 15, 2020 at 2:48 AM Lev Stipakov  wrote:

> Hi,
>
> > -msg(M_USAGE, "--dhcp-options requires --ip-win32 dynamic or
> adaptive");
> > +msg(M_USAGE, "--dhcp-option requires --ip-win32 dynamic or
> adaptive");
>
> Nice, this typo has been there since at least 2005.
>
> It looks like that warning is not quite correct - for example,
> DNS can be set via iservice or netsh, which means that
>
> --ip-win32 netsh
> --dhcp-option DNS 8.8.8.8
>
> is a valid combination regardless of driver type. On the other hand,
> NBDD/NTP are set via DHCP.
>
> It would be good to make the warning condition more fine-grained, but
> this patch is good enough as it is, since it fixes important case - specify
> DNS in the ovpn profile when using wintun.
>

We could deprecate --ip-win32 as a user option. Default to dynamic or
adaptive, automatically fail-over to alternate methods or change it
internally as required for wintun etc.

And work towards supporting more dhcp-options when dhcp is not possible --
using iservice, API, netsh etc.

Selva


Re: [Openvpn-devel] [PATCH v2] Fix netbits setting (in TAP mode) for IPv6 on Windows.

2020-09-15 Thread Lev Stipakov
Compiled with MSVC and ipv4/tun tested.

Code looks good and Gert is IPv6 master.

Acked-by: Lev Stipakov 




Re: [Openvpn-devel] [PATCH v2] sample-plugins: Partially autotoolize the sample-plugins build

2020-09-15 Thread Gert Doering
Hi,

On Mon, Sep 14, 2020 at 02:27:21PM +0200, David Sommerseth wrote:
> The sample-plugins have their own set of build/winbuild scripts in each
> of these plugin directories.  This does not give a good way to reuse
> various macros the autoconf/automake/configure process enables; which
> can contain important macros to make some code build without errors or
> warnings.

This looks like a step in the right direction, but is not fully working
yet - I tried both an "in-tree" and "out of tree" build, and it fails
compilation with

sample-plugins$ gmake
test -d `dirname defer/simple.o` || ../../../openvpn/./install-sh -c -d `dirname defer/simple.o`; \
cc -c -o defer/simple.o -Wall -Wno-unused-parameter -Wno-unused-function -g -O2 -std=c99 -I../../../openvpn -fPIC ../../../openvpn/sample/sample-plugins/defer/simple.c
../../../openvpn/sample/sample-plugins/defer/simple.c:58:10: fatal error: 'openvpn-plugin.h' file not found
#include "openvpn-plugin.h"
 ^~
1 error generated.


openvpn-plugin.h is installed if you install openvpn first, but if
you only build in tree, it seems to need an extra 

  -I$(top_srcdir)/include

to find openvpn-plugin.h

It also needs gmake - running "make" will do "nothing at all", which
I found surprising, but did not investigate more closely.  This is likely
due to implicit rules that need to be written differently for BSD make.

I do not think this is a serious issue - just document it in the README,
and it's still better than 4 individual "build" files, half of which
were missing the needed "-I" as well :-)

gert

-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
 Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany g...@greenie.muc.de




[Openvpn-devel] [PATCH v2] Fix netbits setting (in TAP mode) for IPv6 on Windows.

2020-09-15 Thread Gert Doering
For TUN interfaces, the IPv6 address needs to be configured with
"address/128" and a local subnet route is needed, pointing to our
fake gateway fe80::8.  There are no ethernet headers or ND outside
the tun/tap interface, so anything but fe80::8 is not resolvable.

For TAP interfaces, the proper subnet mask (netbits) must be configured,
and no connected route to "our local host address" must be configured,
to make IPv6 ND work inside the local subnet.

Our code was nicely consistent in doing the same thing in tun.c
("gui/openvpn running with admin privileges") and in the requests
to the interactive service ("gui running with user privs").  Fix in
both places.

On tun close, symmetric to addition, remove the on-link subnet route only
for "tun" interfaces.  Address removal works without specifying netbits.

While at it, extend do_address_service() to actually log both IPv4
and IPv6 addresses requested via it.

Tested on Win10/64.

v2:
  - change logging to use D_IFCONFIG
  - fix whitespace on "?" operator

Reported-By: Laurent Fasnacht 
Reported-By: Klara Mall 
Trac: #1054

Signed-off-by: Gert Doering 
---
 src/openvpn/errlevel.h |  1 +
 src/openvpn/tun.c  | 32 +---
 2 files changed, 26 insertions(+), 7 deletions(-)

diff --git a/src/openvpn/errlevel.h b/src/openvpn/errlevel.h
index e448fc37..5663f841 100644
--- a/src/openvpn/errlevel.h
+++ b/src/openvpn/errlevel.h
@@ -91,6 +91,7 @@
 #define D_OSBUF  LOGLEV(3, 43, 0)/* show socket/tun/tap 
buffer sizes */
 #define D_PS_PROXY   LOGLEV(3, 44, 0)/* messages related to 
--port-share option */
 #define D_PF_INFOLOGLEV(3, 45, 0)/* packet filter 
informational messages */
+#define D_IFCONFIG   LOGLEV(3, 0,  0)/* show ifconfig info 
(don't mute) */
 
 #define D_SHOW_PARMS LOGLEV(4, 50, 0)/* show all parameters on 
program initiation */
 #define D_SHOW_OCC   LOGLEV(4, 51, 0)/* show options 
compatibility string */
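Review bot: D_IFCONFIG is defined at level 3, so the new address-service messages only appear when running with verbosity 3 or higher; if they are meant to help with reports like Trac #1054, please confirm that this is the intended level. The mute category 0 deliberately breaks the 43/44/45 sequence of the neighbouring defines, which the "(don't mute)" comment covers, but if the file has other unmuted level-3 entries the new define would read better grouped with them than after D_PF_INFO.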
diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index fde94294..faa02504 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -115,11 +115,17 @@ do_address_service(const bool add, const short family, 
const struct tuntap *tt)
 {
 addr.address.ipv4.s_addr = htonl(tt->local);
 addr.prefix_len = netmask_to_netbits2(tt->adapter_netmask);
+msg(D_IFCONFIG, "INET address service: %s %s/%d",
+add ? "add" : "remove",
+print_in_addr_t(tt->local, 0, &gc), addr.prefix_len);
 }
 else
 {
 addr.address.ipv6 = tt->local_ipv6;
-addr.prefix_len = tt->netbits_ipv6;
+addr.prefix_len = (tt->type == DEV_TYPE_TUN) ? 128 : tt->netbits_ipv6;
+msg(D_IFCONFIG, "INET6 address service: %s %s/%d",
+add ? "add" : "remove",
+print_in6_addr(tt->local_ipv6, 0, &gc), addr.prefix_len);
 }
 
 if (!send_msg_iservice(pipe, &addr, sizeof(addr), &ack, "TUN"))
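Review bot: both added msg() calls pass `&gc` to print_in_addr_t() and print_in6_addr(), but nothing in this hunk's context shows a gc_arena in do_address_service(); please make sure one is declared and freed on every return path, including the failure branch after send_msg_iservice(). Note also that `(tt->type == DEV_TYPE_TUN) ? 128 : tt->netbits_ipv6` is evaluated for removal as well as addition, so the "remove" log line prints /128 for TUN although the commit message says removal works without netbits; a one-line comment there would avoid confusion.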
@@ -1088,24 +1094,36 @@ do_ifconfig_ipv6(struct tuntap *tt, const char *ifname, 
int tun_mtu,
 else if (tt->options.msg_channel)
 {
 do_address_service(true, AF_INET6, tt);
-add_route_connected_v6_net(tt, es);
+if (tt->type == DEV_TYPE_TUN)
+{
+add_route_connected_v6_net(tt, es);
+}
 do_dns_service(true, AF_INET6, tt);
 do_set_mtu_service(tt, AF_INET6, tun_mtu);
 }
 else
 {
 /* example: netsh interface ipv6 set address interface=42
- *  2001:608:8003::d store=active
+ *  2001:608:8003::d/bits store=active
  */
 char iface[64];
 
+/* in TUN mode, we only simulate a subnet, so the interface
+ * is configured with /128 + a route to fe80::8.  In TAP mode,
+ * the correct netbits must be set, and no on-link route
+ */
+int netbits = (tt->type == DEV_TYPE_TUN) ? 128 : tt->netbits_ipv6;
+
 openvpn_snprintf(iface, sizeof(iface), "interface=%lu",
  tt->adapter_index);
-argv_printf(&argv, "%s%s interface ipv6 set address %s %s 
store=active",
+argv_printf(&argv, "%s%s interface ipv6 set address %s %s/%d 
store=active",
 get_win_sys_path(), NETSH_PATH_SUFFIX, iface,
-ifconfig_ipv6_local);
+ifconfig_ipv6_local, netbits);
 netsh_command(&argv, 4, M_FATAL);
-add_route_connected_v6_net(tt, es);
+if (tt->type == DEV_TYPE_TUN)
+{
+add_route_connected_v6_net(tt, es);
+}
 /* set ipv6 dns servers if any are specified */
 netsh_set_dns6_servers(tt->options.dns6, tt->options.dns6_len, ifname);
 windows_set_mtu(tt->adapter_index, AF_INET6, tun_mtu);
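Review bot: the TUN/TAP decision is now spelled out four times across this patch: the prefix_len ternary in do_address_service(), `int netbits = ...` here, and the two `if (tt->type == DEV_TYPE_TUN)` guards around add_route_connected_v6_net(). A small helper returning the effective IPv6 prefix length, plus one answering whether the on-link route is needed, would keep the interactive-service and netsh paths from drifting apart. The helper would also be a natural place to check that tt->netbits_ipv6 lies within 0..128 before it is formatted into the netsh command line with %d.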
@@ -6688,7 +6706,7 @@ netsh_delete_address_dns(const struct tuntap *tt, bool 
ipv6, struct gc_arena *gc
 netsh_command(&argv, 1, M_WARN);
 }
 
-if (ipv6)
+ 

[Openvpn-devel] [PATCH applied] Re: Allow --dhcp-option in config file when windows-driver is wintun

2020-09-15 Thread Gert Doering
Your patch has been applied to the master and release/2.5 branch.

("Looks good to me" as well, Lev just beat me with testing and ACKing)

commit b8625abbd5be21a810b648058e6e411a7ff19702 (master)
commit 9fe13491de31fff127bdceb6026fc05732f7dfb3 (release/2.5)
Author: Selva Nair
Date:   Mon Sep 14 19:29:41 2020 -0400

 Allow --dhcp-option in config file when windows-driver is wintun

 Signed-off-by: Selva Nair 
 Acked-by: Lev Stipakov 
 Message-Id: <1600126181-16364-1-git-send-email-selva.n...@gmail.com>
 URL: 
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21005.html
 Signed-off-by: Gert Doering 


--
kind regards,

Gert Doering


