Re: [Openvpn-devel] [PATCH v2] convert *_inline attributes to bool

2017-01-12 Thread Antonio Quartulli
On Wed, Jan 11, 2017 at 02:32:37PM +0800, Antonio Quartulli wrote: > On Tue, Jan 10, 2017 at 10:35:10PM +0100, Steffan Karger wrote: > > > @@ -6496,7 +6531,7 @@ add_option(struct options *options, > > > else if (streq(p[0], &q

[Openvpn-devel] [PATCH v3] convert *_inline attributes to bool

2017-01-14 Thread Antonio Quartulli
Carrying around the INLINE_TAG is not really efficient, because it requires a strcmp() to be performed every time we want to understand if the data is stored inline or not. Convert all the *_inline attributes to bool to make the logic easier and checks more efficient. Signed-off-by: Antonio

Re: [Openvpn-devel] [PATCH v3] convert *_inline attributes to bool

2017-01-15 Thread Antonio Quartulli
;multiline, p, &options->gc); > > -add_option(options, p, prefix, line_num, 0, msglevel, > > permission_mask, option_types_found, es); > > +check_inline_file_via_buf(&multiline, p, &is_inline, > > &options->gc); > > +

[Openvpn-devel] [PATCH v4] convert *_inline attributes to bool

2017-01-15 Thread Antonio Quartulli
Carrying around the INLINE_TAG is not really efficient, because it requires a strcmp() to be performed every time we want to understand if the data is stored inline or not. Convert all the *_inline attributes to bool to make the logic easier and checks more efficient. Signed-off-by: Antonio

[Openvpn-devel] [PATCH v5] convert *_inline attributes to bool

2017-01-15 Thread Antonio Quartulli
Carrying around the INLINE_TAG is not really efficient, because it requires a strcmp() to be performed every time we want to understand if the data is stored inline or not. Convert all the *_inline attributes to bool to make the logic easier and checks more efficient. Signed-off-by: Antonio

[Openvpn-devel] [PATCH] fix redirect-gateway behaviour when "local" is specified

2017-01-19 Thread Antonio Quartulli
Therefore, avoid the unsolicited abort by skipping the default GW check when "local" is specified. Signed-off-by: Antonio Quartulli --- This patch addresses the "*Flag as bug*" concern raised by Gert. Tested by connecting to a VPN server in the same network/LAN and by removin

[Openvpn-devel] [PATCH v2] fix redirect-gateway behaviour when an IPv4 default route does not exist

2017-01-19 Thread Antonio Quartulli
fault route as it is not required at all. Therefore, skip the IPv4 default route check when "local" is specified or we are connecting to an IPv6 remote host. Signed-off-by: Antonio Quartulli --- Actually, the fix required to consider the IPv6 case was not as big as expected, ther

Re: [Openvpn-devel] [PATCH] Simplify --genkey option syntax

2018-10-07 Thread Antonio Quartulli
gree that having the "--genkey file.key" syntax makes the command much more intuitive (I also hit this every time). The patch looks good and it does what it says. People used to the old format will still be happy as it is still supported. (Maybe at some point we can get rid of it)

Re: [Openvpn-devel] [PATCH] Add support for CHACHA20-POLY1305 in the data channel

2018-10-07 Thread Antonio Quartulli
fdef NID_chacha20_poly1305 > +case NID_chacha20_poly1305: > #endif > +return true; > +} > +} > +#endif > + > +return false; > } > > /* > diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c > index 4257c33d..315303b0

Re: [Openvpn-devel] [PATCH] Add support for CHACHA20-POLY1305 in the data channel

2018-10-07 Thread Antonio Quartulli
Hi, On 07/10/18 21:28, Antonio Quartulli wrote: >> +#if defined(MBEDTLS_CHACHAPOLY_C) && (MBEDTLS_VERSION_NUMBER >= 0x020C) > > Why do we need the dual condition? Isn't MBEDTLS_CHACHAPOLY_C enough to > know mbedTLS has what we need? Or you feel like we have

Re: [Openvpn-devel] [PATCH] Add support for CHACHA20-POLY1305 in the data channel

2018-10-07 Thread Antonio Quartulli
Hi, On 07/10/18 21:28, Antonio Quartulli wrote: > Hi, > > On 07/10/18 15:34, Steffan Karger wrote: >> We explicitly only supported GCM as a valid AEAD mode, change that to also >> allow ChaCha20-Poly1305 as an AEAD cipher. That works nicely with our new >> (GCM) data

[Openvpn-devel] [PATCH v8] convert *_inline attributes to bool

2018-10-07 Thread Antonio Quartulli
Carrying around the INLINE_TAG is not really efficient, because it requires a strcmp() to be performed every time we want to understand if the data is stored inline or not. Convert all the *_inline attributes to bool to make the logic easier and checks more efficient. Signed-off-by: Antonio

Re: [Openvpn-devel] [PATCH] Add support for CHACHA20-POLY1305 in the data channel

2018-10-07 Thread Antonio Quartulli
Hi, On 08/10/18 02:13, Steffan Karger wrote: > On 07-10-18 15:36, Antonio Quartulli wrote: >> On 07/10/18 21:28, Antonio Quartulli wrote: >>>> +#if defined(MBEDTLS_CHACHAPOLY_C) && (MBEDTLS_VERSION_NUMBER >= >>>> 0x020C) >>> >>>

Re: [Openvpn-devel] [PATCH v2 1/2] Add support for CHACHA20-POLY1305 in the data channel

2018-10-08 Thread Antonio Quartulli
aCha20-Poly1305 is a stream cipher, which essentially > has a 'block size' of 1 byte and is reported as such. So, special-case this > cipher to be in the list of secure ciphers. > > Signed-off-by: Steffan Karger > --- > v2: code style fixes, remove unneeded version

Re: [Openvpn-devel] [PATCH v2 2/2] List ChaCha20-Poly1305 as stream cipher

2018-10-08 Thread Antonio Quartulli
|| cipher_kt_mode_cbc(info))) > { > print_cipher(info); apparently crypto.h is not included: crypto_mbedtls.c: In function ‘show_available_ciphers’: crypto_mbedtls.c:161:13: warning: implicit declaration of function ‘print_cipher’; did you mean ‘print_argv’? [-Wimplicit-funct

Re: [Openvpn-devel] [PATCH] interactive.c: fix usage of potentially uninitialized variable

2018-10-08 Thread Antonio Quartulli
just remove the surrounding check, because, as you said, it is well defined behaviour. Maybe somebody could make this consistent across the codebase. Regards, -- Antonio Quartulli signature.asc Description: OpenPGP digital signature ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH 5/5 v2] buffer_list_aggregate_separator(): simplify code

2018-10-10 Thread Antonio Quartulli
the original logic and I was later able to guarantee it was not changed by the patch. For this reason I wrote some doc for the buffer_list_* functions which I will send as a new patch soon. Acked-by: Antonio Quartulli -- Antonio Quartulli

[Openvpn-devel] [PATCH] buffer_list: add functions documentation

2018-10-10 Thread Antonio Quartulli
bufferlist_* functions have no documentation whatsoever and the name is not always enough to fully understand what the function is doing. For this reason and for the sake of having better documented code, add function doc in buffer.h. Signed-off-by: Antonio Quartulli --- Some doc might be

Re: [Openvpn-devel] [PATCH v3 2/2] List ChaCha20-Poly1305 as stream cipher

2018-10-10 Thread Antonio Quartulli
two print_cipher() implementations into one shared function. That should > make it easier to keep both backends consistent. > > Signed-off-by: Steffan Karger Does what it says. Simple and plain. No warning anymore. And now we have a more meaningful text ;) Acked-by: Antonio Quar

[Openvpn-devel] [PATCH v2 2/7] implement networking API for iproute2

2018-10-11 Thread Antonio Quartulli
-by: Antonio Quartulli --- src/openvpn/Makefile.am | 2 +- src/openvpn/networking_ip.c | 386 src/openvpn/networking_ip.h | 36 3 files changed, 423 insertions(+), 1 deletion(-) create mode 100644 src/openvpn/networking_ip.c create mode 100644 src

[Openvpn-devel] [PATCH v2 6/7] route.c: use sitnl to implement get_default_gateway_ipv6()

2018-10-11 Thread Antonio Quartulli
get_default_gateway_ipv6() has always been implemented using netlink, however, now that we have sitnl, we can re-use the latter and get rid of the netlink code from route.c. Signed-off-by: Antonio Quartulli --- src/openvpn/init.c | 9 +- src/openvpn/networking_ip.c | 2 +- src

[Openvpn-devel] [PATCH v2 1/7] implement platform generic networking API

2018-10-11 Thread Antonio Quartulli
g a simple abstraction between the tun/route logic and the platform dependent code. The API is expected to be implemented outside of tun.c/route.c by using platform specific functionalities. Signed-off-by: Antonio Quartulli --- src/openvpn/Makefile.am | 1 + src/openvpn/networki

[Openvpn-devel] [PATCH v2 4/7] tun.c: use new networking API to handle tun interface on Linux

2018-10-11 Thread Antonio Quartulli
By switching to the networking API (for Linux) openvpn will now use any of the available implementations to handle the tun interface. At the moment only iproute2 and sitnl (NetLink) are implemented. Signed-off-by: Antonio Quartulli --- src/openvpn/init.c | 22 ++-- src/openvpn/init.h

[Openvpn-devel] [PATCH v2 3/7] introduce sitnl: Simplified Interface To NetLink

2018-10-11 Thread Antonio Quartulli
nefit from some code simplification Signed-off-by: Antonio Quartulli --- configure.ac | 13 +- src/openvpn/Makefile.am|4 +- src/openvpn/errlevel.h |1 + src/openvpn/networking_sitnl.c | 1227 src/openvpn/networking_si

[Openvpn-devel] [PATCH v2 0/7] introduce networking API and add netlink support for Linux

2018-10-11 Thread Antonio Quartulli
nd (thanks to opaque context); - rebased on top of latest master (00d78cd5) Regards, Antonio Quartulli (7): implement platform generic networking API implement networking API for iproute2 introduce sitnl: Simplified Interface To NetLink tun.c: use new networking API to handle tun inter

[Openvpn-devel] [PATCH v2 5/7] route.c: use new networking API to handle routing table on Linux

2018-10-11 Thread Antonio Quartulli
By switching to the networking API (for Linux) openvpn will now use any of the available implementations to handle the routing table. At the moment only iproute2 is implemented. Signed-off-by: Antonio Quartulli --- src/openvpn/forward.c | 2 +- src/openvpn/init.c | 24

[Openvpn-devel] [PATCH v2 7/7] unit tests: implement test for sitnl

2018-10-11 Thread Antonio Quartulli
te is then compared with the screenshot previously taken. If no mismatching is found, the test is passed. The current unit_test, however, does not cover all the sitnl functionalities and it is expected to be extended in the future. Signed-off-by: Antonio Quartulli --- co

Re: [Openvpn-devel] [PATCH v2 0/7] introduce networking API and add netlink support for Linux

2018-10-11 Thread Antonio Quartulli
Hi, On 12/10/18 02:41, Antonio Quartulli wrote: > From a high level description of this patchset, please refer to > "[PATCH 0/4] add netlink support for Linux" sent to the mailing list on > Apr, 20th 2018. > > Changes from v1: > - introduced opaque context obje

Re: [Openvpn-devel] [PATCH v7 2/7] tls-crypt-v2: add specification to doc/

2018-10-22 Thread Antonio Quartulli
thms, because: > + > + * The crypto is used before we can do any negotiation, so the algorithms > have > + to be predefined. > + * The crypto primitives are chosen conservatively, making problems with > these > + primitives unlikely. > + * Making anything configurable adds

Re: [Openvpn-devel] [PATCH] Wrap openvpn_swprintf into Windows define

2018-10-24 Thread Antonio Quartulli
es building openvpn on OpenBSD <= 4.9 (maybe this info should be added to the commit message). Other than that: Acked-by: Antonio Quartulli -- Antonio Quartulli

Re: [Openvpn-devel] [PATCH v7 3/7] tls-crypt-v2: generate tls-crypt-v2 keys

2018-10-25 Thread Antonio Quartulli
Hi, On 22/10/18 19:45, Steffan Karger wrote: > As a first step towards a full tls-crypt-v2 implementation, add > functionality to generate tls-crypt-v2 client and server keys. > > Signed-off-by: Steffan Karger Acked-by: Antonio Quartulli -- Antonio Quartulli

Re: [Openvpn-devel] [PATCH v7 4/7] tls-crypt-v2: add unwrap_client_key

2018-10-25 Thread Antonio Quartulli
Hi, On 22/10/18 19:45, Steffan Karger wrote: > Add helper functions to unwrap tls-crypt-v2 client keys. > > Signed-off-by: Steffan Karger Acked-by: Antonio Quartulli -- Antonio Quartulli

Re: [Openvpn-devel] [PATCH v7 5/7] tls-crypt-v2: add P_CONTROL_HARD_RESET_CLIENT_V3 opcode

2018-10-25 Thread Antonio Quartulli
Hi, On 22/10/18 19:45, Steffan Karger wrote: > Not used yet, but prepare for sending and receiving tls-crypt-v2 handshake > messages. > > Signed-off-by: Steffan Karger Acked-by: Antonio Quartulli -- Antonio Quartulli

Re: [Openvpn-devel] [PATCH v7 6/7] tls-crypt-v2: implement tls-crypt-v2 handshake

2018-10-25 Thread Antonio Quartulli
Hi, On 22/10/18 19:45, Steffan Karger wrote: > This makes clients send-and-use, and servers receive-unwrap-and-use > tls-crypt-v2 client keys, which completes the on-the-wire work. > > Signed-off-by: Steffan Karger Acked-by: Antonio Quartulli -- Antonio Quartulli

Re: [Openvpn-devel] [PATCH v7 7/7] tls-crypt-v2: add script hook to verify metadata

2018-10-25 Thread Antonio Quartulli
it tests. > > Signed-off-by: Antonio Quartulli > Signed-off-by: Steffan Karger Acked-by: Antonio Quartulli -- Antonio Quartulli

Re: [Openvpn-devel] [PATCH 00/10] Client-specific tls-crypt keys (--tls-crypt-v2)

2018-10-25 Thread Antonio Quartulli
; Openvpn-devel mailing list > Openvpn-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-devel > -- Antonio Quartulli

Re: [Openvpn-devel] [PATCH v4] Implement block-ipv6

2018-10-28 Thread Antonio Quartulli
(int tunnel_type, struct buffer *buf); > > bool is_ipv6(int tunnel_type, struct buffer *buf); > > +static inline int > +af_addr_size(sa_family_t af) > +{ > +switch (af) > +{ > +case AF_INET: return sizeof(struct sockaddr_

[Openvpn-devel] [PATCH] tls-crypt: properly cast time_t to uint64_t

2018-10-31 Thread Antonio Quartulli
45:29: warning: shift count >= width of type [-Wshift-count-overflow] Force time_t to be parsed as uint64_t. Reported-by: Arne Schwabe Signed-off-by: Antonio Quartulli --- src/openvpn/tls_crypt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/openvpn/tls_crypt.c b/src

Re: [Openvpn-devel] [PATCH] tls-crypt-v2: clarify --tls-crypt-v2-genkey man page section

2018-11-14 Thread Antonio Quartulli
sense and, after listening to some people getting confused, it is good to clarify the procedure. Acked-by: Antonio Quartulli > --- > doc/openvpn.8 | 5 + > 1 file changed, 5 insertions(+) > > diff --git a/doc/openvpn.8 b/doc/openvpn.8 > index 94b5cc4..f38fba9 100644 >

Re: [Openvpn-devel] [PATCH] tls-crypt-v2: fix client reconnect bug

2018-11-14 Thread Antonio Quartulli
nt unnoticed. We now need to rely on the data stored in the Connection Entry (ce member of the options structure) as the tls-crypt* logic is "per connection block" and not global anymore. I performed some basic testing and all seems good. Thanks for fixing this! Acked-by: Antonio Qu

Re: [Openvpn-devel] [PATCH v2 1/7] implement platform generic networking API

2018-11-26 Thread Antonio Quartulli
Hi, On 26/11/2018 22:55, Arne Schwabe wrote: > Am 11.10.18 um 20:41 schrieb Antonio Quartulli: >> tun.c and route.c contain all the code used by openvpn >> to manage the tun interface and the routing table on all >> the supported platforms. >> >> Across the

Re: [Openvpn-devel] [PATCH v2 2/7] implement networking API for iproute2

2018-11-26 Thread Antonio Quartulli
On 26/11/2018 22:44, Arne Schwabe wrote: > Am 11.10.18 um 20:41 schrieb Antonio Quartulli: >> iproute2 is the first user of the new networking API and >> it's one of the two currently supported functionalities on >> Linux (the other being net-tools). >> >> Thi

Re: [Openvpn-devel] [PATCH v2 3/7] introduce sitnl: Simplified Interface To NetLink

2018-11-26 Thread Antonio Quartulli
Hi, On 26/11/2018 23:14, Arne Schwabe wrote: > Am 11.10.18 um 20:41 schrieb Antonio Quartulli: >> This patch introduces a tiny netlink interface, optimized >> for the openvpn use case. >> >> It basically exposes all those operations that are currently >> handled

Re: [Openvpn-devel] [PATCH v5] Revert to original password authentication after failed auth-token

2018-12-06 Thread Antonio Quartulli
ilure (auth-token)] received, process restarting Fri Dec 7 17:03:08 2018 us=204391 Restart pause, 5 second(s) - client softly reconnects - authentication is successful with user/pass again and a new token is pushed. Acked-by: Antonio Quartulli -- Antonio Quartulli

Re: [Openvpn-devel] [PATCH] Add 'printing of port number' to mroute_addr_print_ex() for v4-mapped v6.

2018-12-07 Thread Antonio Quartulli
t's just print the port anyway"? My suggestion would be to surround the address with [], so basically change the printf format above from %s to [%s]. Does it make sense? Cheers, > } > else > { > -- Antonio Quartulli sig

Re: [Openvpn-devel] [PATCH 3/3] uncrustify openvpn/ sources

2018-12-12 Thread Antonio Quartulli
s-crypt not supported"); > +msg(M_FATAL, "ERROR: --tls-crypt not supported"); > } > crypto_read_openvpn_key(&kt, key, key_file, key_inline, key_direction, > "Control Channel Encryption", "tls-crypt");

Re: [Openvpn-devel] [PATCH] Add 'printing of port number' to mroute_addr_print_ex() for v4-mapped v6.

2018-12-16 Thread Antonio Quartulli
Hi, On 08/12/2018 18:03, Gert Doering wrote: > Hi, > > On Sat, Dec 08, 2018 at 09:47:37AM +1000, Antonio Quartulli wrote: >>> + /* we only print port numbers for v4mapped v6 as of >>> +* today, because "v6addr:port" is too ambigu

Re: [Openvpn-devel] [PATCH v2] Stop complaining about IPv6 routes without gateway address.

2018-12-16 Thread Antonio Quartulli
truct > tuntap *tt, unsigned int flag > msg(M_FATAL, "Sorry, but I don't know how to do 'route ipv6' commands on > this operating system. Try putting your routes in a --route-up script"); > #endif /* if defined(TARGET_LINUX) */ > > +done:

Re: [Openvpn-devel] RfD: printing of port numbers on v6 addresses

2018-12-18 Thread Antonio Quartulli
4 for more > background. > > > Opinions? I personally prefer the rfc3986 notation because it is more widespread and, therefore, easier to understand/recognize. The tcpdump notation has the advantage of working with both v4 and v6, but it's not really standard, so less ideal

[Openvpn-devel] [PATCH v3 0/7] introduce networking API and add netlink support for Linux

2018-12-18 Thread Antonio Quartulli
2.* - fixed minor bugs discovered during the integration with OVPN3 Changes from v1: - introduced opaque context object containing implementation specific state; - fixed env passed to ip command (thanks to opaque context); - rebased on top of latest master (00d78cd5) Regards, Antonio Quartull

[Openvpn-devel] [PATCH v3 6/7] unit tests: implement test for sitnl

2018-12-18 Thread Antonio Quartulli
te is then compared with the screenshot previously taken. If no mismatching is found, the test is passed. The current unit_test, however, does not cover all the sitnl functionalities and it is expected to be extended in the future. Signed-off-by: Antonio Quartulli --- co

[Openvpn-devel] [PATCH v3 3/7] tun.c: use new networking API to handle tun interface on Linux

2018-12-18 Thread Antonio Quartulli
By switching to the networking API (for Linux) openvpn will now use any of the available implementations to handle the tun interface. At the moment only iproute2 and sitnl (NetLink) are implemented. Signed-off-by: Antonio Quartulli --- src/openvpn/init.c | 22 ++-- src/openvpn/init.h

[Openvpn-devel] [PATCH v3 4/7] route.c: use new networking API to handle routing table on Linux

2018-12-18 Thread Antonio Quartulli
By switching to the networking API (for Linux) openvpn will now use any of the available implementations to handle the routing table. At the moment only iproute2 is implemented. Signed-off-by: Antonio Quartulli --- src/openvpn/forward.c | 2 +- src/openvpn/init.c

[Openvpn-devel] [PATCH v3 2/7] introduce sitnl: Simplified Interface To NetLink

2018-12-18 Thread Antonio Quartulli
nefit from some code simplification Signed-off-by: Antonio Quartulli --- configure.ac | 13 +- src/openvpn/Makefile.am|4 +- src/openvpn/errlevel.h |1 + src/openvpn/networking_sitnl.c | 1228 src/openvpn/networking_si

[Openvpn-devel] [PATCH v3 1/7] implement networking API for iproute2

2018-12-18 Thread Antonio Quartulli
-by: Antonio Quartulli --- src/openvpn/Makefile.am | 2 +- src/openvpn/networking.h | 2 +- src/openvpn/networking_iproute2.c | 386 ++ src/openvpn/networking_iproute2.h | 36 +++ 4 files changed, 424 insertions(+), 2 deletions(-) create mode

[Openvpn-devel] [PATCH v3 7/7] travis.yml: add test for iproute2 net implementation

2018-12-18 Thread Antonio Quartulli
Signed-off-by: Antonio Quartulli --- .travis.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.travis.yml b/.travis.yml index ede2aaa6..b8031fd8 100644 --- a/.travis.yml +++ b/.travis.yml @@ -33,6 +33,9 @@ matrix: - env: SSLLIB="openssl" OPENSSL_VERSION="1.1.0h&qu

[Openvpn-devel] [PATCH v3 5/7] route.c: use sitnl to implement get_default_gateway_ipv6()

2018-12-18 Thread Antonio Quartulli
get_default_gateway_ipv6() has always been implemented using netlink, however, now that we have sitnl, we can re-use the latter and get rid of the netlink code from route.c. Signed-off-by: Antonio Quartulli --- src/openvpn/init.c| 9 +- src/openvpn/networking_iproute2.c | 2

Re: [Openvpn-devel] Summary of the community meeting (Wed, 19th Dec 2018)

2018-12-19 Thread Antonio Quartulli
o use from the "auth" parameter, but tls-crypt(-v2) statically uses AES-256-CTR/SHA256, so that can't be changed. Cheers, -- Antonio Quartulli

[Openvpn-devel] [PATCH 4/4] transport-plugin: add sample obfs-test plugin

2018-12-30 Thread Antonio Quartulli
From: Robin Tarsiger Add a sample plugin to explain how the new transport API is expected to be implemented and work. It can be used for testing. Signed-off-by: Robin Tarsiger [anto...@openvpn.net: refactored commits, restyled code] --- configure.ac | 9 + src/pl

[Openvpn-devel] [PATCH 3/4] options: add support for --transport-plugin

2018-12-30 Thread Antonio Quartulli
From: Robin Tarsiger Add a new config option to allow the user to specify a transport plugin implementing the new API. This plugin can be used to manipulate traffic in any way, as designed by the plugin developer. The fundamental advantage of this plugin is that the core codebase does not need t

[Openvpn-devel] [PATCH 2/4] socket: introduce INDIRECT transport protocol abstraction

2018-12-30 Thread Antonio Quartulli
From: Robin Tarsiger This new transport protocol is used to tell the core code that traffic should not be directly processed, but should rather be rerouted to a transport plugin. It is basically an abstraction as it does not tell the code how to process the data, but simply forces its redirec

[Openvpn-devel] [PATCH 1/4] transport: introduce tranport API plugin codebase

2018-12-30 Thread Antonio Quartulli
From: Robin Tarsiger This API will allow plugins to provide virtual socket implementations with their own table of functions for operations on these sockets, with limited but functional integration with the main OpenVPN event loop. This new mechanism can be used to implement alternative transpor

[Openvpn-devel] [PATCH 0/4] Transport API: offload traffic manipulation to plugins

2018-12-30 Thread Antonio Quartulli
From: Antonio Quartulli Dear all, This patchset implements a new API called "Transport API" which allows the core codebase to offload traffic/socket manipulations to an external plugin. To understand its potential, imagine you want to apply a specific "mutation" on any

Re: [Openvpn-devel] [PATCH 0/5] Allow IPv6-only tunnels

2019-01-25 Thread Antonio Quartulli
d to setup some more automated testing for the server side to make sure we don't introduce regressions and similar...hopefully we'll put this together soon :-) Cheers, -- Antonio Quartulli

Re: [Openvpn-devel] [PATCH 1/4] transport: introduce tranport API plugin codebase

2019-01-28 Thread Antonio Quartulli
struct openvpn_transport_event_set_handle handle; >> +struct event_set *real; >> +}; >> + >> +#if EVENT_READ == OPENVPN_TRANSPORT_EVENT_READ \ >> + && EVENT_WRITE == OPENVPN_TRANSPORT_EVENT_WRITE >> +#define TRANSPORT_EVENT_BITS_IDENTICAL 1 >> +

Re: [Openvpn-devel] [PATCH 2/4] socket: introduce INDIRECT transport protocol abstraction

2019-01-28 Thread Antonio Quartulli
Hi, On 23/01/2019 03:22, Arne Schwabe wrote: > Am 30.12.18 um 12:28 schrieb Antonio Quartulli: >> From: Robin Tarsiger >> >> This new transport protocol is used to tell the core code that traffic >> should not be directly processed, but should rather be rerouted to a

Re: [Openvpn-devel] [PATCH 3/4] options: add support for --transport-plugin

2019-01-28 Thread Antonio Quartulli
Hi, On 23/01/2019 03:27, Arne Schwabe wrote: > Am 30.12.18 um 12:29 schrieb Antonio Quartulli: >> From: Robin Tarsiger >> >> Add a new config option to allow the user to specify a transport plugin >> implementing the new API. This plugin can be used to manipulat

Re: [Openvpn-devel] [PATCH] Copy one byte less in strncpynt()

2019-02-28 Thread Antonio Quartulli
ondition makes me think that this function is allowed to be invoked with maxlen == 0. However you are now introducing an ASSERT() which would stop the execution in that case. Either the ASSERT() is right, and then the if condition should be removed, or the ASSERT() is wrong and should not be intro

Re: [Openvpn-devel] [PATCH] Improve the documentation for --dhcp-option

2019-03-20 Thread Antonio Quartulli
s said, the warning could/should be implemented as a separate patch. Regards, -- Antonio Quartulli

[Openvpn-devel] Doodle: day/time for next weekly community meetings

2019-03-20 Thread Antonio Quartulli
the doodle with your votes by Sunday (March 24th, 2019) night, so that on Monday morning Samuli can send out the invitation with the elected day/time. Link: https://doodle.com/poll/qbnsw7d4mvb5iysn#calendar Thanks! -- Antonio Quartulli

Re: [Openvpn-devel] Doodle: day/time for next weekly community meetings

2019-03-21 Thread Antonio Quartulli
Hi all, On 20/03/2019 21:04, Antonio Quartulli wrote: > Hi all, > > As mentioned today on IRC, I have prepared a doodle to help us choose > when to schedule the next community meetings. > > The doodle targets next week, but the idea is to choose a time slot that > is good

Re: [Openvpn-devel] Client reconnect issues

2019-04-26 Thread Antonio Quartulli
the issue Note: that using nobind probably fools this logic because the client will re-connect using a different source port and thus will be recognized as different. Thanks. Regards, -- Antonio Quartulli

Re: [Openvpn-devel] Client reconnect issues

2019-04-26 Thread Antonio Quartulli
completed, therefore I am not sure session tickets can play any role at that point, no? Regards, -- Antonio Quartulli

[Openvpn-devel] [PATCH v3 -1/7] implement platform generic networking API

2019-05-14 Thread Antonio Quartulli
g a simple abstraction between the tun/route logic and the platform dependent code. The API is expected to be implemented outside of tun.c/route.c by using platform specific functionalities. Signed-off-by: Antonio Quartulli --- src/openvpn/Makefile.am | 1 + src/openvpn/networki

Re: [Openvpn-devel] [PATCH v2] Copy one byte less in strncpynt()

2019-06-08 Thread Antonio Quartulli
ze_t maxlen) > { > -strncpy(dest, src, maxlen); > if (maxlen > 0) > { > + strncpy(dest, src, maxlen-1); can you add spaces around the '-' when you commit this change? (basically like the line below) > dest[maxlen - 1] = 0; > } >
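Review bot: on the added `strncpy(dest, src, maxlen-1);` line, both the copy and the terminator write now sit inside `if (maxlen > 0)`, so a call with maxlen of 0 leaves dest untouched and possibly unterminated. State that contract in the function comment so callers do not assume dest is always a valid string afterwards. The spacing point raised in the reply (`maxlen - 1`, matching the line below) also applies.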

[Openvpn-devel] [PATCH 1/2] t_net.sh: make bash dep explicit and run only if SITNL is compiled

2019-06-15 Thread Antonio Quartulli
From: Antonio Quartulli The t_net script currently has #!/bin/sh but it implicitly assumes to be using bash. This is fine on most distros, but some do not have sh pointing to bash by default, thus breaking the script. Explicitly use bash to avoid failures. On the other hand, run this unit-test

[Openvpn-devel] [PATCH 2/2] t_net.sh: properly perform sudo check and print test steps

2019-06-15 Thread Antonio Quartulli
From: Antonio Quartulli The current script is performing a test on the "kill" command, but this is not useful to the t_net.sh script as it never really executes it. Rather test that "sudo " really works. has to be added to the sudoers file if this test has to be perfor

[Openvpn-devel] [PATCH 2/2] route.c: fix windows build by removing mismatching function parameter

2019-06-17 Thread Antonio Quartulli
From: Antonio Quartulli Signed-off-by: Antonio Quartulli --- src/openvpn/route.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/openvpn/route.c b/src/openvpn/route.c index c92a1343..4cdc4a9f 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c @@ -2799,7 +2799,7

[Openvpn-devel] [PATCH 1/2] t_net.sh: fixes for the networking test script

2019-06-17 Thread Antonio Quartulli
From: Antonio Quartulli 1) The test_networking driver needs the cmocka library at runtime, therefore LD_LIBRARY_PATH has to be properly configured. The running framework takes care of that for the other unit-tests, but since we run the networking driver from within t_net.sh, we have to be sure

Re: [Openvpn-devel] [PATCH 1/2] t_net.sh: fixes for the networking test script

2019-06-17 Thread Antonio Quartulli
Hi, On 17/06/2019 19:46, Gert Doering wrote: > Hi, > > On Mon, Jun 17, 2019 at 02:41:09PM +0200, Antonio Quartulli wrote: >> +UNIT_TEST="LD_LIBRARY_PATH=$LD_LIBRARY_PATH:../vendor/dist/lib/ >> ./unit_tests/openvpn/networking_testdriver" > > While this *lo

[Openvpn-devel] [PATCH v2] t_net.sh: fixes for the networking test script

2019-06-18 Thread Antonio Quartulli
From: Antonio Quartulli 1) Building the networking unit-test when SITNL is not enabled does not make much sense right now. Make compilation dependent on having SITNL configured. 2) Remove some no-op mock_msg function calls. 3) Remove obsolete comment and declarations Signed-off-by: Antonio

Re: [Openvpn-devel] [PATCH] Insert client connection data into PAM environment

2019-06-27 Thread Antonio Quartulli
zeof(up.remote)) == -1) > { > fprintf(stderr, "AUTH-PAM: BACKGROUND: read error on > command channel: code=%d, exiting\n", > command); > @@ -853,6 +865,7 @@ pam_se

[Openvpn-devel] [PATCH v4] route.c: use sitnl to implement get_default_gateway_ipv6()

2019-07-08 Thread Antonio Quartulli
From: Antonio Quartulli get_default_gateway_ipv6() has always been implemented using netlink, however, now that we have sitnl, we can re-use the latter and get rid of the netlink code from route.c. Signed-off-by: Antonio Quartulli --- Changes from v1: - use IN6_IS_ADDR_UNSPECIFIED to check if

Re: [Openvpn-devel] [PATCH v4] route.c: use sitnl to implement get_default_gateway_ipv6()

2019-07-15 Thread Antonio Quartulli
: FreeBSD is, as expected, showing the same things before/after, with > ON_LINK only for test 3+4 - but that's a totally different code path, so > no surprises here) > -- Antonio Quartulli

[Openvpn-devel] [PATCH v5] route.c: use sitnl to implement get_default_gateway_ipv6()

2019-07-15 Thread Antonio Quartulli
From: Antonio Quartulli get_default_gateway_ipv6() has always been implemented using netlink, however, now that we have sitnl, we can re-use the latter and get rid of the netlink code from route.c. Signed-off-by: Antonio Quartulli --- Changes from v1: - use IN6_IS_ADDR_UNSPECIFIED to check if

Re: [Openvpn-devel] [PATCH] crypto.c: fix Visual Studio build

2019-07-18 Thread Antonio Quartulli
+ > +if (!rand_bytes(BEND(key), len)) Are we sure we can't call this function with 'len' longer than the available space in 'key' ? Cheers, > { > msg(M_WARN, "ERROR: could not generate random key"); > return false; >

Re: [Openvpn-devel] [PATCH] crypto.c: fix Visual Studio build

2019-07-18 Thread Antonio Quartulli
BCAP(key); >> > > and then pass it to rand_bytes: > Ok, that sounds good, thanks! > >>> +if (!rand_bytes(BEND(key), len)) > > -- Antonio Quartulli

Re: [Openvpn-devel] [PATCH 1/1] Start TLS after connection established without waiting.

2019-07-24 Thread Antonio Quartulli
ived) > @@ -1961,6 +1956,14 @@ pre_select(struct context *c) > return; > } > > +/* check coarse timers */ > +check_coarse_timers(c); > +if (c->sig->signal_received) > +{ > +return; > +} > + > + >
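Review bot: the block added to pre_select() ends with two consecutive blank "+" lines after the closing brace of the signal_received check. One blank line is enough, so drop the second to match the single blank line that follows the unchanged `return; }` block just above it.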

Re: [Openvpn-devel] [PATCH 1/1] Start TLS after connection established without waiting.

2019-07-24 Thread Antonio Quartulli
Hi, On 24/07/2019 13:57, Gert Doering wrote: > Hi, > > On Wed, Jul 24, 2019 at 01:46:36PM +0200, Antonio Quartulli wrote: >> this patch has been mangled by your e-mail client. >> >> Could you please re-send it using git send-email? > > That seems to have b

Re: [Openvpn-devel] Status of the VLAN patches review?

2019-07-30 Thread Antonio Quartulli

[Openvpn-devel] [PATCH 0/6] sitnl follow-up

2019-08-05 Thread Antonio Quartulli
From: Antonio Quartulli Hi all, this small patchset aims at tackling most of the concerns raised by Gert while merging the sitnl introduction patchset. All patches are fairly small, but they are a bit intertwined (they change nearby lines), therefore it would be better to merge them in the

[Openvpn-devel] [PATCH 1/6] sitnl: harden strncpy() by forcing arguments to have the same length

2019-08-05 Thread Antonio Quartulli
From: Antonio Quartulli At the moment a strcpy() (without length check!) is performed between a string long IFNAMSIZ bytes and one of 16 bytes. This is ok right now because IFNAMSIZ is defined as 16, however this bit is not under our control and may change in the future without us being warned

[Openvpn-devel] [PATCH 3/6] networking: extend API for better memory management

2019-08-05 Thread Antonio Quartulli
From: Antonio Quartulli Networking backend implementations may need to allocate dynamic resources that require an explicit free/release. Since these cleanups are performed not very often, and only at specific times, it makes sense to have the upper layer signal when it's the right time to

[Openvpn-devel] [PATCH 6/6] route.c: simplify ifdef logic

2019-08-05 Thread Antonio Quartulli
With the introduction of the new networking API layer on linux, some ifdefs can be pruned or simplified. While at it move some variables to improve readability. Signed-off-by: Antonio Quartulli --- src/openvpn/route.c | 20 +--- 1 file changed, 9 insertions(+), 11 deletions

[Openvpn-devel] [PATCH 2/6] networking/best_gw: remove useless prefixlen parameter

2019-08-05 Thread Antonio Quartulli
From: Antonio Quartulli The prefixlen parameter is not used at all while retrieving a route therefore it can safely be removed. Signed-off-by: Antonio Quartulli --- src/openvpn/networking.h | 7 ++- src/openvpn/networking_iproute2.c | 4 ++-- src/openvpn/networking_sitnl.c

[Openvpn-devel] [PATCH 4/6] tun.c: undo_ifconfig_ipv4/6 remove useless gc argument

2019-08-05 Thread Antonio Quartulli
From: Antonio Quartulli With the new networking APIs, each implementation handles garbage collection internally and therefore does not require a gc object to be provided by the outer layer. However, there are a few cases where a garbage collector is still required. In close_tun() move the

[Openvpn-devel] [PATCH 5/6] networking_sitnl.c: uncrustify file

2019-08-05 Thread Antonio Quartulli
Give this file a run under uncrustify to fix a few style glitches here and there. Signed-off-by: Antonio Quartulli --- src/openvpn/networking_sitnl.c | 62 +++--- 1 file changed, 43 insertions(+), 19 deletions(-) diff --git a/src/openvpn/networking_sitnl.c b/src

Re: [Openvpn-devel] [PATCH 1/6] sitnl: harden strncpy() by forcing arguments to have the same length

2019-08-05 Thread Antonio Quartulli
is not expected to ever run on Windows. Cheers, > > >> >> /* save result in output variables */ >> memcpy(best_gw, &res.gw, res.addr_size); > -strcpy(best_iface, res.iface); >> +strncpy(best_iface, res.iface,
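Review bot: at the `strncpy(best_iface, res.iface, ...)` line that replaces `strcpy()`, keep in mind that strncpy() does not NUL-terminate the destination when the source fills the whole length, and the quoted lines stop before any terminator is written. Suggest setting the last byte of best_iface to '\0' after the copy, or adding a comment stating why res.iface is always terminated within that length.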

Re: [Openvpn-devel] [PATCH 0/6] sitnl follow-up

2019-08-05 Thread Antonio Quartulli
FYI, this patchset has undergone buildbot, travis-ci and gitlab-ci testing and nothing out of the ordinary came out. Regards, On 05/08/2019 11:25, Antonio Quartulli wrote: > From: Antonio Quartulli > > Hi all, > > this small patchset aims at tackling most of the concerns

Re: [Openvpn-devel] [PATCH 1/2] Fix check if iface name is set

2019-08-13 Thread Antonio Quartulli
pv6(struct route_ipv6_gateway_info > *rgi6, > rgi6->flags |= RGI_ADDR_DEFINED; > } > > -if (rgi6->iface) > +if (strlen(rgi6->iface)) how about adding a "> 0"? I know it's basically the same here, but I think that'
