Acked-by: Gert Doering
Makes sense & goes hand in hand with kernel change "commit da69782bf06",
which has landed in the official tree now. So I've tested this, of
course :-)
As the change only touches dco_freebsd.c I have only tested this
on FreeBSD (but client/server, with/without DCO).
From: Lev Stipakov
Signed-off-by: Lev Stipakov
---
build/msvc/msvc-generate/msvc-generate.vcxproj | 12 ++--
src/compat/compat.vcxproj | 12 ++--
src/openvpn/openvpn.vcxproj| 12 ++--
src/openvpnmsica/openvpnmsica.vcxproj
Hi,
On Sun, Dec 11, 2022 at 3:01 PM Marc Becker via Openvpn-devel <
openvpn-devel@lists.sourceforge.net> wrote:
> Change win32 dynamic loader behavior when supplying an absolute path.
> The DLL location is considered/preferred to resolve dependencies.
> Support in pkcs11-helper for loader flag
On Sun, Dec 11, 2022 at 08:09:13PM +0100, Marc Becker via Openvpn-devel wrote:
> Use existing wrapper for pkcs11h_addProvider to have arguments with
> "magic values" for pkcs11-helper call in a central place.
>
> Slot event argument to pkcs11h_addProvider has NOT been a boolean for
> at least 15
From: Lev Stipakov
dco_get_peer_stats fetches stats for a single peer. This is mostly
useful in client mode. So far only Windows implements that.
Signed-off-by: Lev Stipakov
---
src/openvpn/dco.h | 13 +
src/openvpn/dco_freebsd.c | 7 +++
src/openvpn/dco_linux.c |
The current code only checks if the base64-encoded metadata is at most
980 character. However, that can encode up to 735 bytes of data, while
only up to 733 bytes are allowed. When passing 734 or 735 bytes, openvpn
prints a misleading error message saying that the base64 cannot be
decoded.
This
Hi,
On Sun, Dec 11, 2022 at 2:14 PM Marc Becker via Openvpn-devel <
openvpn-devel@lists.sourceforge.net> wrote:
> The new interface in pkcs11-helper 1.28 allows decoupling of provider
> registration and initialization.
> This allows modifying more (and future) properties apart from the
> 6
Hi,
On Wed, Dec 14, 2022 at 11:49 AM Lev Stipakov wrote:
> From: Lev Stipakov
>
> dco_get_peer_stats fetches stats for a single peer. This is mostly
> useful in client mode. So far only Windows implements that.
>
Good to see this happening.. Do you have a link to a build including this
patch
From: Lev Stipakov
Existing API and implementation (FreeBSD only) are designed for
server usage. Rename it to *_multi to indicate that and not to mix
with upcoming client API/implementation.
Signed-off-by: Lev Stipakov
---
src/openvpn/dco.h | 4 ++--
src/openvpn/dco_freebsd.c | 2 +-
Add dynamic loader flag feature to bundled pkcs11-helper.
Required to allow special handling for PKCS11 providers on win32.
Signed-off-by: Marc Becker
---
Part 2 of [PATCH v3 3/3] special handling for PKCS11 providers on win32
- split contrib patch from OpenVPN change
See
Hi,
> Good to see this happening..
Turns out there is a bug in the driver at the moment - it doesn't
update OUT bytes. This particular API hasn't been used in a while.
> Does this data from the driver include both control and data channel bytes?
Yes, at the moment those are "link" bytes and
Acked-by: Gert Doering
This is indeed an important missing piece for correct stats (... to be
handed to --client-disconnect scripts, etc).
I have not tested the feature as such (kernel side support has landed
but I have not yet rebuilt that system). I *have* tested the tree
on Linux/FreeBSD
Hi,
On Wed, Dec 14, 2022 at 10:50:19PM +0200, Lev Stipakov wrote:
> On Windows control packets are handled by userspace via link
> read/write routines (which use device handle from CreateFile). Both
> FreeBSD and Linux implementations use additional, netlink-based (or
> FreeBSD analogue) channel
Acked-by: Gert Doering
This is really trivial renaming of all occurences of that function,
and nothing else. "git grep" confirms that ALL occurances have been
caught. Test compiled for good measure, but as expected, nothing broke.
Your patch has been applied to the master and release/2.6
Hi,
On Wed, Dec 14, 2022 at 1:55 PM Selva Nair wrote:
> Hi,
>
> On Wed, Dec 14, 2022 at 11:49 AM Lev Stipakov wrote:
>
>> From: Lev Stipakov
>>
>> dco_get_peer_stats fetches stats for a single peer. This is mostly
>> useful in client mode. So far only Windows implements that.
>>
>
> Good to
Hi
On Wed, Dec 14, 2022 at 6:09 PM Lev Stipakov wrote:
> Hi,
>
> Selva has asked about a build which includes this patch.
>
> Here is MSI installer which incorporates required client patches
>
> - management: add timer to output BYTECOUNT
> - Introduce dco_get_peer_stats API and Windows
From: Lev Stipakov
dco_get_peer_stats fetches stats for a single peer. This is mostly
useful in client mode. So far only Windows implements that.
Signed-off-by: Lev Stipakov
---
v2: fix error message text
src/openvpn/dco.h | 13 +
src/openvpn/dco_freebsd.c | 7 +++
Hi,
Selva has asked about a build which includes this patch.
Here is MSI installer which incorporates required client patches
- management: add timer to output BYTECOUNT
- Introduce dco_get_peer_stats API and Windows implementation
and a new driver version (0.8.3) with stats fixes.
> This data will also show up as stats on the adapter (device node) and should
> include all traffic that passes through it, no?
System adapter stats show only tun traffic - the one driver indicates
to NetAdapter. For BYTECOUNT we (userspace client) currently show link
traffic - encapsulated
Hi,
On Wed, Dec 14, 2022 at 2:06 PM Lev Stipakov wrote:
>
> > Right now what the GUI receives as bytecount is not zero, I suppose the
> daemon is reporting the control channel traffic.
>
> Yes. I will fix it in the driver so that it reports only data channel
> bytes, since control channel
From: Lev Stipakov
BYTECOUNT on management interface is used to display client stats,
for example by openvpn-gui. At the moment BYTECOUNT is sent if
there is a traffic. With DCO, userspace process doesn't see data
channel traffic, BYTECOUNT is not sent and therefore stats
are not updated.
Fix
Acked-by: Gert Doering
Tested on FreeBSD with/without DCO, client/server, all works as before.
The formatting of the switch/case bits was not what uncrustify wanted
to see, so I've adjusted this (only indenting). This makes "git show"
a bit hard to read, but "git show -w" shows that most of
More on the data channel traffic stats getting reset on reconnect:
>> Here is MSI installer which incorporates required client patches
>>
>> - management: add timer to output BYTECOUNT
>> - Introduce dco_get_peer_stats API and Windows implementation
>>
>> and a new driver version (0.8.3) with
Acked-by: Arne Schwabe
Thanks for the v2. It's identical to v1, except for the off-by-one,
and removing the now-obsolete macro, so I've taken the ACK from Arne on v1.
I have only test-compiled (and looked at the diffs).
Your patch has been applied to the master and release/2.6 branch.
commit
Hi,
I applied this pach locally, cleared vcpkg_installed directory and
verified that vcpkg indeed applied this patch:
2>-- Installing port from location:
C:\Users\lev\Projects\openvpn\contrib\vcpkg-ports\pkcs11-helper
2>-- Using cached pkcs11-helper-1.29.0.tar.bz2.
2>-- Extracting source
I do claim that I have no idea about pkcs11-helper, but this patch
isn't *that* complex, just using the existing wrapper... but still
thanks to Frank for reviewing. I have test compiled on Gentoo with
"pkcs11-helper-1.27.0-r1", and "it compiled".
I *do* find this part a bit nonintuitive...
I've done a quick read over ssl_common.h to be sure the indexes are
valid, and fed this to a light test run (client-side only, for the
start). Looks good, passes.
I can see why Antonio grumbles, but then, ensuring stuff is in a really
well-known state if we suspect it might not always be is a
This looks like a good way to recover out of "we are all confused
about state" situations. We should never get there, but then, well-
defined recovery is certainly a plus.
So far I've only stared-at-code, and done compile tests, but the
change is sufficiently platform-independent (also taking
28 matches
Mail list logo
