Re: [Openvpn-devel] [RFC] Split plugins into their own repositories

[Eric Crist]

My two cents on this is as follows:

As a package maintainer, I think this is going to prove to be a lot of work.  
It means there are more packages to maintain, over the one I need to now.  
HOWEVER, from the OpenVPN development process, I think it's best to split 
things out, as Alon suggests, with one caveat.  Let's wait for 3.0.  That's 
already going to be a massive change to our source tree and overall build 
process, and I think it would be the right time to push that out.

Hope this helps.
-
Eric F Crist



signature.asc
Description: Message signed with OpenPGP using GPGMail

Re: [Openvpn-devel] [V2.4 4/4] cleanup: tun: tun_engine interface

[Alon Bar-Lev]

On Sat, May 12, 2012 at 10:31 PM, Alon Bar-Lev  wrote:
> Platform independent interface for tun provider.
>
> Split the long tun.c into platform specific files using
> tun_engine interface.
>
> There is more to be done in order to clean up the code,
> however this is a good starting point.
>
> Signed-off-by: Alon Bar-Lev 
> ---
>  configure.ac                             |    6 +
>  src/openvpn/Makefile.am                  |   12 +
>  src/openvpn/error.c                      |    2 +-
>  src/openvpn/forward.c                    |   28 +-
>  src/openvpn/helper.c                     |    2 +-
>  src/openvpn/init.c                       |   41 +-
>  src/openvpn/multi.c                      |    2 +-
>  src/openvpn/options.c                    |   20 +-
>  src/openvpn/options.h                    |    5 +-
>  src/openvpn/route.c                      |    1 +
>  src/openvpn/sig.c                        |    4 +-
>  src/openvpn/syshead.h                    |   56 -
>  src/openvpn/tun-engine-common-bsd.c      |  103 +
>  src/openvpn/tun-engine-common-bsd.h      |   34 +
>  src/openvpn/tun-engine-common.c          |  518 +++
>  src/openvpn/tun-engine-common.h          |   85 +
>  src/openvpn/tun-engine-darwin.c          |  226 ++
>  src/openvpn/tun-engine-dragonfly.c       |  193 ++
>  src/openvpn/tun-engine-freebsd.c         |  229 ++
>  src/openvpn/tun-engine-generic.c         |   97 +
>  src/openvpn/tun-engine-linux-options.h   |   37 +
>  src/openvpn/tun-engine-linux.c           |  515 +++
>  src/openvpn/tun-engine-netbsd.c          |  318 ++
>  src/openvpn/tun-engine-openbsd.c         |  259 ++
>  src/openvpn/tun-engine-options.h         |   37 +
>  src/openvpn/tun-engine-solaris.c         |  491 +++
>  src/openvpn/tun-engine-windows-options.h |   92 +
>  src/openvpn/tun-engine-windows-util.h    |   83 +
>  src/openvpn/tun-engine-windows.c         | 2757 
>  src/openvpn/tun-engine.h                 |   95 +
>  src/openvpn/tun.c                        | 5019 
> ++
>  src/openvpn/tun.h                        |  457 +---
>  32 files changed, 6542 insertions(+), 5282 deletions(-)
>  create mode 100644 src/openvpn/tun-engine-common-bsd.c
>  create mode 100644 src/openvpn/tun-engine-common-bsd.h
>  create mode 100644 src/openvpn/tun-engine-common.c
>  create mode 100644 src/openvpn/tun-engine-common.h
>  create mode 100644 src/openvpn/tun-engine-darwin.c
>  create mode 100644 src/openvpn/tun-engine-dragonfly.c
>  create mode 100644 src/openvpn/tun-engine-freebsd.c
>  create mode 100644 src/openvpn/tun-engine-generic.c
>  create mode 100644 src/openvpn/tun-engine-linux-options.h
>  create mode 100644 src/openvpn/tun-engine-linux.c
>  create mode 100644 src/openvpn/tun-engine-netbsd.c
>  create mode 100644 src/openvpn/tun-engine-openbsd.c
>  create mode 100644 src/openvpn/tun-engine-options.h
>  create mode 100644 src/openvpn/tun-engine-solaris.c
>  create mode 100644 src/openvpn/tun-engine-windows-options.h
>  create mode 100644 src/openvpn/tun-engine-windows-util.h
>  create mode 100644 src/openvpn/tun-engine-windows.c
>  create mode 100644 src/openvpn/tun-engine.h
>

Too large for mailing list.
Please review at[1][2].

Alon.

[1] 
https://github.com/alonbl/openvpn/commit/c0c64bfa5369fb4abe7045a995fae2d33a34570f
[2] 
https://github.com/alonbl/openvpn/commit/c0c64bfa5369fb4abe7045a995fae2d33a34570f.patch

[Openvpn-devel] [V2.4 3/4] cleanup: remove tun_adjust_frame_parameters

[Alon Bar-Lev]

It is a wrapper of frame_add_to_extra_tun, no sense to keep both around.

Signed-off-by: Alon Bar-Lev 
---
 src/openvpn/init.c |2 +-
 src/openvpn/tun.h  |6 --
 2 files changed, 1 insertions(+), 7 deletions(-)

diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index eb4c5df..0bd3f75 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -2437,7 +2437,7 @@ do_init_frame (struct context *c)
* Adjust frame size based on the --tun-mtu-extra parameter.
*/
   if (c->options.ce.tun_mtu_extra_defined)
-tun_adjust_frame_parameters (>c2.frame, c->options.ce.tun_mtu_extra);
+frame_add_to_extra_tun (>c2.frame, c->options.ce.tun_mtu_extra);

   /*
* Adjust frame size based on link socket parameters.
diff --git a/src/openvpn/tun.h b/src/openvpn/tun.h
index 7a8e769..f96bb50 100644
--- a/src/openvpn/tun.h
+++ b/src/openvpn/tun.h
@@ -255,12 +255,6 @@ bool is_tun_p2p (const struct tuntap *tt);
  * Inline functions
  */

-static inline void
-tun_adjust_frame_parameters (struct frame* frame, int size)
-{
-  frame_add_to_extra_tun (frame, size);
-}
-
 /*
  * Should ifconfig be called before or after
  * tun dev open?
-- 
1.7.3.4

[Openvpn-devel] [V2.4 2/4] cleanup: move warn_on_use_of_common_subnets to init.c

[Alon Bar-Lev]

No dependencies and init.c is the only user.

Signed-off-by: Alon Bar-Lev 
---
 src/openvpn/init.c |   18 ++
 src/openvpn/tun.c  |   17 -
 src/openvpn/tun.h  |2 --
 3 files changed, 18 insertions(+), 19 deletions(-)

diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 61ced5d..eb4c5df 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -59,6 +59,24 @@ static struct context *static_context; /* GLOBAL */

 static void do_init_first_time (struct context *c);

+static
+void
+warn_on_use_of_common_subnets (void)
+{
+  struct gc_arena gc = gc_new ();
+  struct route_gateway_info rgi;
+  const int needed = (RGI_ADDR_DEFINED|RGI_NETMASK_DEFINED);
+
+  get_default_gateway ();
+  if ((rgi.flags & needed) == needed)
+{
+  const in_addr_t lan_network = rgi.gateway.addr & rgi.gateway.netmask;
+  if (lan_network == 0xC0A8 || lan_network == 0xC0A80100)
+   msg (M_WARN, "NOTE: your local LAN uses the extremely common subnet 
address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing 
conflicts if you connect to the VPN server from public locations such as 
internet cafes that use the same subnet.");
+}
+  gc_free ();
+}
+
 void
 context_clear (struct context *c)
 {
diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index 033c1e2..31684f4 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -242,23 +242,6 @@ check_addr_clash (const char *name,
   gc_free ();
 }

-void
-warn_on_use_of_common_subnets (void)
-{
-  struct gc_arena gc = gc_new ();
-  struct route_gateway_info rgi;
-  const int needed = (RGI_ADDR_DEFINED|RGI_NETMASK_DEFINED);
-
-  get_default_gateway ();
-  if ((rgi.flags & needed) == needed)
-{
-  const in_addr_t lan_network = rgi.gateway.addr & rgi.gateway.netmask;
-  if (lan_network == 0xC0A8 || lan_network == 0xC0A80100)
-   msg (M_WARN, "NOTE: your local LAN uses the extremely common subnet 
address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing 
conflicts if you connect to the VPN server from public locations such as 
internet cafes that use the same subnet.");
-}
-  gc_free ();
-}
-
 /*
  * Complain if --dev tap and --ifconfig is used on an OS for which
  * we don't have a custom tap ifconfig template below.
diff --git a/src/openvpn/tun.h b/src/openvpn/tun.h
index bea1554..7a8e769 100644
--- a/src/openvpn/tun.h
+++ b/src/openvpn/tun.h
@@ -251,8 +251,6 @@ const char *ifconfig_options_string (const struct tuntap* 
tt, bool remote, bool

 bool is_tun_p2p (const struct tuntap *tt);

-void warn_on_use_of_common_subnets (void);
-
 /*
  * Inline functions
  */
-- 
1.7.3.4

[Openvpn-devel] [V2.4 1/4] cleanup: remove check_subnet_conflict

[Alon Bar-Lev]

Commeted out as "too many false positives".

Signed-off-by: Alon Bar-Lev 
---
 src/openvpn/route.c |1 -
 src/openvpn/tun.c   |   43 ---
 src/openvpn/tun.h   |4 
 3 files changed, 0 insertions(+), 48 deletions(-)

diff --git a/src/openvpn/route.c b/src/openvpn/route.c
index 7c25c77..f36c324 100644
--- a/src/openvpn/route.c
+++ b/src/openvpn/route.c
@@ -1030,7 +1030,6 @@ add_routes (struct route_list *rl, struct route_ipv6_list 
*rl6, const struct tun
   for (i = 0; i < rl->n; ++i)
{
  struct route *r = >routes[i];
- check_subnet_conflict (r->network, r->netmask, "route");
  if (flags & ROUTE_DELETE_FIRST)
delete_route (r, tt, flags, >rgi, es);
  add_route (r, tt, flags, >rgi, es);
diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index 71abbf3..033c1e2 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -242,44 +242,6 @@ check_addr_clash (const char *name,
   gc_free ();
 }

-/*
- * Issue a warning if ip/netmask (on the virtual IP network) conflicts with
- * the settings on the local LAN.  This is designed to flag issues where
- * (for example) the OpenVPN server LAN is running on 192.168.1.x, but then
- * an OpenVPN client tries to connect from a public location that is also 
running
- * off of a router set to 192.168.1.x.
- */
-void
-check_subnet_conflict (const in_addr_t ip,
-  const in_addr_t netmask,
-  const char *prefix)
-{
-#if 0 /* too many false positives */
-  struct gc_arena gc = gc_new ();
-  in_addr_t lan_gw = 0;
-  in_addr_t lan_netmask = 0;
-
-  if (get_default_gateway (_gw, _netmask) && lan_netmask)
-{
-  const in_addr_t lan_network = lan_gw & lan_netmask; 
-  const in_addr_t network = ip & netmask;
-
-  /* do the two subnets defined by network/netmask and 
lan_network/lan_netmask intersect? */
-  if ((network & lan_netmask) == lan_network
- || (lan_network & netmask) == network)
-   {
- msg (M_WARN, "WARNING: potential %s subnet conflict between local LAN 
[%s/%s] and remote VPN [%s/%s]",
-  prefix,
-  print_in_addr_t (lan_network, 0, ),
-  print_in_addr_t (lan_netmask, 0, ),
-  print_in_addr_t (network, 0, ),
-  print_in_addr_t (netmask, 0, ));
-   }
-}
-  gc_free ();
-#endif
-}
-
 void
 warn_on_use_of_common_subnets (void)
 {
@@ -485,11 +447,6 @@ init_tun (const char *dev,   /* --dev option */
remote_public,
tt->local,
tt->remote_netmask);
-
- if (tt->type == DEV_TYPE_TAP || (tt->type == DEV_TYPE_TUN && 
tt->topology == TOP_SUBNET))
-   check_subnet_conflict (tt->local, tt->remote_netmask, "TUN/TAP 
adapter");
- else if (tt->type == DEV_TYPE_TUN)
-   check_subnet_conflict (tt->local, IPV4_NETMASK_HOST, "TUN/TAP 
adapter");
}

   /*
diff --git a/src/openvpn/tun.h b/src/openvpn/tun.h
index 9bd990f..bea1554 100644
--- a/src/openvpn/tun.h
+++ b/src/openvpn/tun.h
@@ -251,10 +251,6 @@ const char *ifconfig_options_string (const struct tuntap* 
tt, bool remote, bool

 bool is_tun_p2p (const struct tuntap *tt);

-void check_subnet_conflict (const in_addr_t ip,
-   const in_addr_t netmask,
-   const char *prefix);
-
 void warn_on_use_of_common_subnets (void);

 /*
-- 
1.7.3.4

[Openvpn-devel] [V2.4 0/4] tun cleanups

[Alon Bar-Lev]

Platform independent interface for tun provider.

Split the long tun.c into platform specific files using
tun_engine interface.

Functionality is the same.

Maintenance will be much easier! new options, like stacking
several interfaces and delegate partial control to plugin.

There is more to be done in order to clean up the code,
however this is a good starting point.

Some more minor cleanups.

Tested on Linux, FreeBSD, Windows.

Branch should be merge after syshead[1].
Most probably patch exceeds list limitation, review is available[2].

This is for 2.4, please review quickly this so won't need to rebase.

Special thanks to Eric Crist for his FreeBSD help.

[1] https://github.com/alonbl/openvpn/compare/build...syshead
[2] https://github.com/alonbl/openvpn/compare/syshead...tun

Alon Bar-Lev (4):
  cleanup: remove check_subnet_conflict
  cleanup: move warn_on_use_of_common_subnets to init.c
  cleanup: remove tun_adjust_frame_parameters
  cleanup: tun: tun_engine interface

 configure.ac |6 +
 src/openvpn/Makefile.am  |   12 +
 src/openvpn/error.c  |2 +-
 src/openvpn/forward.c|   28 +-
 src/openvpn/helper.c |2 +-
 src/openvpn/init.c   |   61 +-
 src/openvpn/multi.c  |2 +-
 src/openvpn/options.c|   20 +-
 src/openvpn/options.h|5 +-
 src/openvpn/route.c  |2 +-
 src/openvpn/sig.c|4 +-
 src/openvpn/syshead.h|   56 -
 src/openvpn/tun-engine-common-bsd.c  |  103 +
 src/openvpn/tun-engine-common-bsd.h  |   34 +
 src/openvpn/tun-engine-common.c  |  518 +++
 src/openvpn/tun-engine-common.h  |   85 +
 src/openvpn/tun-engine-darwin.c  |  226 ++
 src/openvpn/tun-engine-dragonfly.c   |  193 ++
 src/openvpn/tun-engine-freebsd.c |  229 ++
 src/openvpn/tun-engine-generic.c |   97 +
 src/openvpn/tun-engine-linux-options.h   |   37 +
 src/openvpn/tun-engine-linux.c   |  515 +++
 src/openvpn/tun-engine-netbsd.c  |  318 ++
 src/openvpn/tun-engine-openbsd.c |  259 ++
 src/openvpn/tun-engine-options.h |   37 +
 src/openvpn/tun-engine-solaris.c |  491 +++
 src/openvpn/tun-engine-windows-options.h |   92 +
 src/openvpn/tun-engine-windows-util.h|   83 +
 src/openvpn/tun-engine-windows.c | 2757 
 src/openvpn/tun-engine.h |   95 +
 src/openvpn/tun.c| 5053 ++
 src/openvpn/tun.h|  469 +---
 32 files changed, 6548 insertions(+), 5343 deletions(-)
 create mode 100644 src/openvpn/tun-engine-common-bsd.c
 create mode 100644 src/openvpn/tun-engine-common-bsd.h
 create mode 100644 src/openvpn/tun-engine-common.c
 create mode 100644 src/openvpn/tun-engine-common.h
 create mode 100644 src/openvpn/tun-engine-darwin.c
 create mode 100644 src/openvpn/tun-engine-dragonfly.c
 create mode 100644 src/openvpn/tun-engine-freebsd.c
 create mode 100644 src/openvpn/tun-engine-generic.c
 create mode 100644 src/openvpn/tun-engine-linux-options.h
 create mode 100644 src/openvpn/tun-engine-linux.c
 create mode 100644 src/openvpn/tun-engine-netbsd.c
 create mode 100644 src/openvpn/tun-engine-openbsd.c
 create mode 100644 src/openvpn/tun-engine-options.h
 create mode 100644 src/openvpn/tun-engine-solaris.c
 create mode 100644 src/openvpn/tun-engine-windows-options.h
 create mode 100644 src/openvpn/tun-engine-windows-util.h
 create mode 100644 src/openvpn/tun-engine-windows.c
 create mode 100644 src/openvpn/tun-engine.h

-- 
1.7.3.4

[Openvpn-devel] [PATCH 16/16] clenaup: syshead: reworder/cleanup includes

[Alon Bar-Lev]

Signed-off-by: Alon Bar-Lev 
---
 configure.ac  |2 +-
 src/openvpn/syshead.h |  146 -
 2 files changed, 36 insertions(+), 112 deletions(-)

diff --git a/configure.ac b/configure.ac
index cca9508..97eb5f0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -643,7 +643,7 @@ old_CFLAGS="${CFLAGS}"
 CFLAGS="${CFLAGS} ${TAP_CFLAGS}"
 AC_CHECK_HEADERS(
[ \
-   net/if_tun.h net/tun/if_tun.h \
+   net/if_tun.h net/tun/if_tun.h net/if_tap.h \
linux/if_tun.h \
tap-windows.h \
],
diff --git a/src/openvpn/syshead.h b/src/openvpn/syshead.h
index d5a9af1..1b9cbe0 100644
--- a/src/openvpn/syshead.h
+++ b/src/openvpn/syshead.h
@@ -31,6 +31,10 @@
 #ifdef WIN32
 #include 
 #include 
+#include 
+#include 
+#include 
+#include 
 #endif

 #ifdef HAVE_SYS_TYPES_H
@@ -135,18 +139,6 @@
 #include 
 #endif

-#ifdef HAVE_NETDB_H
-#include 
-#endif
-
-#ifdef HAVE_NETINET_IN_H
-#include 
-#endif
-
-#ifdef HAVE_RESOLV_H
-#include 
-#endif
-
 #ifdef HAVE_SYS_POLL_H
 #include 
 #endif
@@ -155,6 +147,10 @@
 #include 
 #endif

+#ifdef HAVE_SYS_MMAN_H
+#include 
+#endif
+
 #ifdef ENABLE_SELINUX
 #include 
 #endif
@@ -163,29 +159,47 @@
 #include 
 #endif

-#ifdef TARGET_SOLARIS
 #ifdef HAVE_STRINGS_H
 #include 
 #endif
-#else
+
 #ifdef HAVE_STRING_H
 #include 
 #endif
+
+#ifdef HAVE_STROPTS_H
+#include 
+#endif
+
+#ifdef HAVE_NETDB_H
+#include 
 #endif

 #ifdef HAVE_ARPA_INET_H
 #include 
 #endif

+#ifdef HAVE_NETINET_IN_H
+#include 
+#endif
+
+#ifdef HAVE_NETINET_IP_H
+#include 
+#endif
+
+#ifdef HAVE_NETINET_TCP_H
+#include 
+#endif
+
 #ifdef HAVE_NET_IF_H
 #include 
 #endif

-#ifdef TARGET_NETBSD
-#include 
+#ifdef HAVE_RESOLV_H
+#include 
 #endif

-#ifdef TARGET_LINUX
+#if defined(TARGET_LINUX)

 #if defined(HAVE_NETINET_IF_ETHER_H)
 #include 
@@ -195,10 +209,6 @@
 #include 
 #endif

-#ifdef HAVE_NETINET_IP_H
-#include 
-#endif
-
 #ifdef HAVE_LINUX_SOCKIOS_H
 #include 
 #endif
@@ -211,17 +221,7 @@
 #include 
 #endif

-#ifdef HAVE_NETINET_TCP_H
-#include 
-#endif
-
-#endif /* TARGET_LINUX */
-
-#ifdef TARGET_SOLARIS
-
-#ifdef HAVE_STROPTS_H
-#include 
-#endif
+#elif defined(TARGET_SOLARIS)

 #ifdef HAVE_NET_IF_TUN_H
 #include 
@@ -231,41 +231,7 @@
 #include 
 #endif

-#ifdef HAVE_NETINET_IN_SYSTM_H
-#include 
-#endif
-
-#ifdef HAVE_NETINET_IP_H
-#include 
-#endif
-
-#ifdef HAVE_NETINET_TCP_H
-#include 
-#endif
-
-#endif /* TARGET_SOLARIS */
-
-#ifdef TARGET_OPENBSD
-
-#ifdef HAVE_SYS_UIO_H
-#include 
-#endif
-
-#ifdef HAVE_NETINET_IN_SYSTM_H
-#include 
-#endif
-
-#ifdef HAVE_NETINET_IP_H
-#include 
-#endif
-
-#ifdef HAVE_NET_IF_TUN_H
-#include 
-#endif
-
-#endif /* TARGET_OPENBSD */
-
-#ifdef TARGET_FREEBSD
+#elif defined(TARGET_OPENBSD) || defined(TARGET_FREEBSD) || 
defined(TARGET_NETBSD) || defined(TARGET_DRAGONFLY)

 #ifdef HAVE_SYS_UIO_H
 #include 
@@ -275,60 +241,18 @@
 #include 
 #endif

-#ifdef HAVE_NETINET_IP_H
-#include 
-#endif
-
 #ifdef HAVE_NET_IF_TUN_H
 #include 
 #endif

-#endif /* TARGET_FREEBSD */
-
-#ifdef TARGET_NETBSD
-
-#ifdef HAVE_NET_IF_TUN_H
-#include 
-#endif
-
-#ifdef HAVE_NETINET_TCP_H
-#include 
-#endif
-
-#endif /* TARGET_NETBSD */
-
-#ifdef TARGET_DRAGONFLY
-
-#ifdef HAVE_SYS_UIO_H
-#include 
-#endif
-
-#ifdef HAVE_NETINET_IN_SYSTM_H
-#include 
-#endif
-
-#ifdef HAVE_NETINET_IP_H
-#include 
-#endif
-
 #ifdef HAVE_NET_TUN_IF_TUN_H
 #include 
 #endif

-#endif /* TARGET_DRAGONFLY */
-
-#ifdef WIN32
-#include 
-#include 
-#include 
-#include 
-/* The following two headers are needed of PF_INET6 */
-#include 
-#include 
+#ifdef HAVE_NET_IF_TAP_H
+#include 
 #endif

-#ifdef HAVE_SYS_MMAN_H
-#include 
 #endif

 /*
-- 
1.7.3.4

[Openvpn-devel] [PATCH 14/16] cleanup: syshead: move SOL_IP emulation to autoconf

[Alon Bar-Lev]

Signed-off-by: Alon Bar-Lev 
---
 configure.ac  |   11 +++
 src/openvpn/syshead.h |8 
 2 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/configure.ac b/configure.ac
index 2c80ef4..193d287 100644
--- a/configure.ac
+++ b/configure.ac
@@ -490,6 +490,17 @@ AC_CHECK_DECLS(
,
[[${SOCKET_INCLUDES}]]
 )
+AC_CHECK_DECLS(
+   [SOL_IP],
+   ,
+   [AC_CHECK_DECLS(
+   [IPPROTO_IP],
+   [AC_DEFINE_UNQUOTED([SOL_IP], [IPPROTO_IP], [SOL_IP 
emulation])],
+   [AC_MSG_ERROR([cannot find SOL_IP or IPPROTO_IP])],
+   [[${SOCKET_INCLUDES}]]
+   )],
+   [[${SOCKET_INCLUDES}]]
+)

 dnl We emulate signals in Windows
 AC_CHECK_DECLS(
diff --git a/src/openvpn/syshead.h b/src/openvpn/syshead.h
index f908752..c4dfd0b 100644
--- a/src/openvpn/syshead.h
+++ b/src/openvpn/syshead.h
@@ -367,14 +367,6 @@
 #endif

 /*
- * Does this platform define SOL_IP
- * or only bsd-style IPPROTO_IP ?
- */
-#ifndef SOL_IP
-#define SOL_IP IPPROTO_IP
-#endif
-
-/*
  * Do we have a syslog capability?
  */
 #if defined(HAVE_OPENLOG) && defined(HAVE_SYSLOG)
-- 
1.7.3.4

[Openvpn-devel] [PATCH 13/16] cleanup: syshead: remove dead code

[Alon Bar-Lev]

Signed-off-by: Alon Bar-Lev 
---
 src/openvpn/syshead.h |   14 --
 1 files changed, 0 insertions(+), 14 deletions(-)

diff --git a/src/openvpn/syshead.h b/src/openvpn/syshead.h
index 657c884..f908752 100644
--- a/src/openvpn/syshead.h
+++ b/src/openvpn/syshead.h
@@ -375,14 +375,6 @@
 #endif

 /*
- * Disable ESEC
- */
-#if 0
-#undef EXTENDED_SOCKET_ERROR_CAPABILITY
-#define EXTENDED_SOCKET_ERROR_CAPABILITY 0
-#endif
-
-/*
  * Do we have a syslog capability?
  */
 #if defined(HAVE_OPENLOG) && defined(HAVE_SYSLOG)
@@ -548,12 +540,6 @@
 #define EPOLL 0
 #endif

-/* Disable EPOLL */
-#if 0
-#undef EPOLL
-#define EPOLL 0
-#endif
-
 /*
  * Should we allow ca/cert/key files to be
  * included inline, in the configuration file?
-- 
1.7.3.4

[Openvpn-devel] [PATCH 12/16] cleanup: syshead: move socket compat into basic.h

[Alon Bar-Lev]

Probably not the best place, however, better than syshead.

Signed-off-by: Alon Bar-Lev 
---
 src/openvpn/basic.h   |   17 +
 src/openvpn/syshead.h |   17 -
 2 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/src/openvpn/basic.h b/src/openvpn/basic.h
index 9746315..ac325e1 100644
--- a/src/openvpn/basic.h
+++ b/src/openvpn/basic.h
@@ -58,4 +58,21 @@
 # endif
 #endif

+/*
+ * Our socket descriptor type.
+ */
+#ifdef WIN32
+#define SOCKET_UNDEFINED (INVALID_SOCKET)
+typedef SOCKET socket_descriptor_t;
+#else
+#define SOCKET_UNDEFINED (-1)
+typedef int socket_descriptor_t;
+#endif
+
+static inline int
+socket_defined (const socket_descriptor_t sd)
+{
+  return sd != SOCKET_UNDEFINED;
+}
+
 #endif
diff --git a/src/openvpn/syshead.h b/src/openvpn/syshead.h
index 3fd955d..657c884 100644
--- a/src/openvpn/syshead.h
+++ b/src/openvpn/syshead.h
@@ -392,23 +392,6 @@
 #endif

 /*
- * Our socket descriptor type.
- */
-#ifdef WIN32
-#define SOCKET_UNDEFINED (INVALID_SOCKET)
-typedef SOCKET socket_descriptor_t;
-#else
-#define SOCKET_UNDEFINED (-1)
-typedef int socket_descriptor_t;
-#endif
-
-static inline int
-socket_defined (const socket_descriptor_t sd)
-{
-  return sd != SOCKET_UNDEFINED;
-}
-
-/*
  * Should we enable the use of execve() for calling subprocesses,
  * instead of system()?
  */
-- 
1.7.3.4

[Openvpn-devel] [PATCH 11/16] cleanup: syshead: move _P1003_1B_VISIBLE to autoconf

[Alon Bar-Lev]

Signed-off-by: Alon Bar-Lev 
---
 configure.ac  |2 +-
 src/openvpn/syshead.h |3 ---
 2 files changed, 1 insertions(+), 4 deletions(-)

diff --git a/configure.ac b/configure.ac
index 078e46f..2c80ef4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -291,7 +291,7 @@ case "$host" in
AC_DEFINE([TARGET_DARWIN], [1], [Are we running on Mac OS X?])
AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["M"], [Target prefix])
dnl some Mac OS X tendering (we use vararg macros...)
-   CPPFLAGS="$CPPFLAGS -no-cpp-precomp"
+   CPPFLAGS="$CPPFLAGS -no-cpp-precomp -D_P1003_1B_VISIBLE"
;;
*-mingw*)
AC_DEFINE([TARGET_WIN32], [1], [Are we running WIN32?])
diff --git a/src/openvpn/syshead.h b/src/openvpn/syshead.h
index e522876..3fd955d 100644
--- a/src/openvpn/syshead.h
+++ b/src/openvpn/syshead.h
@@ -328,9 +328,6 @@
 #endif

 #ifdef HAVE_SYS_MMAN_H
-#ifdef TARGET_DARWIN
-#define _P1003_1B_VISIBLE
-#endif /* TARGET_DARWIN */
 #include 
 #endif

-- 
1.7.3.4

[Openvpn-devel] [PATCH 06/16] clenaup: syshead: remove wait macros wrappers

[Alon Bar-Lev]

WEXITSTATUS is POSIX, show me the platform that does not support this.

WIFEXITED is not used at Windows code.

Signed-off-by: Alon Bar-Lev 
---
 src/openvpn/syshead.h |9 -
 1 files changed, 0 insertions(+), 9 deletions(-)

diff --git a/src/openvpn/syshead.h b/src/openvpn/syshead.h
index c5bf4a8..3e64936 100644
--- a/src/openvpn/syshead.h
+++ b/src/openvpn/syshead.h
@@ -53,15 +53,6 @@
 # include 
 #endif

-#ifndef WIN32
-#ifndef WEXITSTATUS
-# define WEXITSTATUS(stat_val) ((unsigned)(stat_val) >> 8)
-#endif
-#ifndef WIFEXITED
-# define WIFEXITED(stat_val) (((stat_val) & 255) == 0)
-#endif
-#endif
-
 #ifdef HAVE_SYS_TIME_H
 #include 
 #endif
-- 
1.7.3.4

[Openvpn-devel] [PATCH 09/16] cleanup: syshead: rename S_ERROR->S_ERRORS to avoid conflict with stropts.h

[Alon Bar-Lev]

Signed-off-by: Alon Bar-Lev 
---
 src/openvpn/ssl.c|   16 
 src/openvpn/ssl_common.h |2 +-
 src/openvpn/syshead.h|1 -
 3 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 19512c0..3178ff4 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -429,8 +429,8 @@ state_name (int state)
   return "S_ACTIVE";
 case S_NORMAL_OP:
   return "S_NORMAL_OP";
-case S_ERROR:
-  return "S_ERROR";
+case S_ERRORS:
+  return "S_ERRORS";
 default:
   return "S_???";
 }
@@ -858,7 +858,7 @@ lame_duck_must_die (const struct tls_session* session, 
interval_t *wakeup)
   else
return true;
 }
-  else if (lame->state == S_ERROR)
+  else if (lame->state == S_ERRORS)
 return true;
   else
 return false;
@@ -2020,7 +2020,7 @@ tls_process (struct tls_multi *multi,

   /* Make sure we were initialized and that we're not in an error state */
   ASSERT (ks->state != S_UNDEF);
-  ASSERT (ks->state != S_ERROR);
+  ASSERT (ks->state != S_ERRORS);
   ASSERT (session_id_defined (>session_id));

   /* Should we trigger a soft reset? -- new key, keeps old key for a while */
@@ -2386,7 +2386,7 @@ tls_process (struct tls_multi *multi,

 error:
   tls_clear_error();
-  ks->state = S_ERROR;
+  ks->state = S_ERRORS;
   msg (D_TLS_ERRORS, "TLS Error: TLS handshake failed");
   INCR_ERROR;
   gc_free ();
@@ -2468,7 +2468,7 @@ tls_multi_process (struct tls_multi *multi,
   * (2) Reinitialize the session.
   * (3) Increment soft error count
   */
- if (ks->state == S_ERROR)
+ if (ks->state == S_ERRORS)
{
  ++multi->n_soft_errors;

@@ -2513,7 +2513,7 @@ tls_multi_process (struct tls_multi *multi,
   }

   /*
-   * A hard error means that TM_ACTIVE hit an S_ERROR state and that no
+   * A hard error means that TM_ACTIVE hit an S_ERRORS state and that no
* other key state objects are S_ACTIVE or higher.
*/
   if (error)
@@ -2921,7 +2921,7 @@ tls_pre_decrypt (struct tls_multi *multi,

/* Make sure we were initialized and that we're not in an error 
state */
ASSERT (ks->state != S_UNDEF);
-   ASSERT (ks->state != S_ERROR);
+   ASSERT (ks->state != S_ERRORS);
ASSERT (session_id_defined (>session_id));

/* Let our caller know we processed a control channel packet */
diff --git a/src/openvpn/ssl_common.h b/src/openvpn/ssl_common.h
index f3f43be..6cf8552 100644
--- a/src/openvpn/ssl_common.h
+++ b/src/openvpn/ssl_common.h
@@ -75,7 +75,7 @@
  *
  * @{
  */
-#define S_ERROR  -1 /**< Error state.  */
+#define S_ERRORS -1 /**< Error state.  */
 #define S_UNDEF   0 /**< Undefined state, used after a \c
  *   key_state is cleaned up. */
 #define S_INITIAL 1 /**< Initial \c key_state state after
diff --git a/src/openvpn/syshead.h b/src/openvpn/syshead.h
index db39625..d095799 100644
--- a/src/openvpn/syshead.h
+++ b/src/openvpn/syshead.h
@@ -221,7 +221,6 @@

 #ifdef HAVE_STROPTS_H
 #include 
-#undef S_ERROR
 #endif

 #ifdef HAVE_NET_IF_TUN_H
-- 
1.7.3.4

[Openvpn-devel] [PATCH 08/16] cleanup: syshead: move sleep, random, syshead.h emulation to compat

[Alon Bar-Lev]

---
 src/compat/compat.h   |6 ++
 src/openvpn/syshead.h |3 ---
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/compat/compat.h b/src/compat/compat.h
index 021573e..7d91277 100644
--- a/src/compat/compat.h
+++ b/src/compat/compat.h
@@ -41,6 +41,12 @@
 #include 
 #endif

+#ifdef WIN32
+#define sleep(x) Sleep((x)*1000)
+#define random rand
+#define srandom srand
+#endif
+
 #ifndef HAVE_DIRNAME
 char * dirname(char *str);
 #endif /* HAVE_DIRNAME */
diff --git a/src/openvpn/syshead.h b/src/openvpn/syshead.h
index 98d6023..db39625 100644
--- a/src/openvpn/syshead.h
+++ b/src/openvpn/syshead.h
@@ -31,9 +31,6 @@
 #ifdef WIN32
 #include 
 #include 
-#define sleep(x) Sleep((x)*1000)
-#define random rand
-#define srandom srand
 #endif

 #ifdef HAVE_SYS_TYPES_H
-- 
1.7.3.4

[Openvpn-devel] [PATCH 04/16] cleanup: syshead: remove useless constant USE_64_BIT_COUNTERS

[Alon Bar-Lev]

Signed-off-by: Alon Bar-Lev 
---
 src/openvpn/common.h  |   13 -
 src/openvpn/syshead.h |5 -
 2 files changed, 4 insertions(+), 14 deletions(-)

diff --git a/src/openvpn/common.h b/src/openvpn/common.h
index de2d609..845faee 100644
--- a/src/openvpn/common.h
+++ b/src/openvpn/common.h
@@ -28,16 +28,11 @@
 /*
  * Statistics counters and associated printf formats.
  */
-#ifdef USE_64_BIT_COUNTERS
-  typedef unsigned long long int counter_type;
-# ifdef WIN32
-#  define counter_format  "%I64u"
-# else
-#  define counter_format  "%llu"
-# endif
+typedef unsigned long long int counter_type;
+#ifdef WIN32
+# define counter_format  "%I64u"
 #else
-  typedef unsigned int counter_type;
-# define counter_format   "%u"
+# define counter_format  "%llu"
 #endif

 /*
diff --git a/src/openvpn/syshead.h b/src/openvpn/syshead.h
index 99a6674..ccd78af 100644
--- a/src/openvpn/syshead.h
+++ b/src/openvpn/syshead.h
@@ -456,11 +456,6 @@ socket_defined (const socket_descriptor_t sd)
 }

 /*
- * Should statistics counters be 64 bits?
- */
-#define USE_64_BIT_COUNTERS
-
-/*
  * Should we enable the use of execve() for calling subprocesses,
  * instead of system()?
  */
-- 
1.7.3.4

[Openvpn-devel] [PATCH 07/16] cleanup: syshead: move likely, unlikely to basic.h

[Alon Bar-Lev]

Signed-off-by: Alon Bar-Lev 
---
 src/openvpn/basic.h   |9 +
 src/openvpn/syshead.h |9 -
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/src/openvpn/basic.h b/src/openvpn/basic.h
index 298cf10..f2d5041 100644
--- a/src/openvpn/basic.h
+++ b/src/openvpn/basic.h
@@ -35,4 +35,13 @@

 #define IPV4_NETMASK_HOST 0xU

+/* branch prediction hints */
+#if defined(__GNUC__)
+# define likely(x)   __builtin_expect((x),1)
+# define unlikely(x) __builtin_expect((x),0)
+#else
+# define likely(x)  (x)
+# define unlikely(x)(x)
+#endif
+
 #endif
diff --git a/src/openvpn/syshead.h b/src/openvpn/syshead.h
index 3e64936..98d6023 100644
--- a/src/openvpn/syshead.h
+++ b/src/openvpn/syshead.h
@@ -28,15 +28,6 @@
 #include "compat.h"
 #include "compat-stdbool.h"

-/* branch prediction hints */
-#if defined(__GNUC__)
-# define likely(x)   __builtin_expect((x),1)
-# define unlikely(x) __builtin_expect((x),0)
-#else
-# define likely(x)  (x)
-# define unlikely(x)(x)
-#endif
-
 #ifdef WIN32
 #include 
 #include 
-- 
1.7.3.4

[Openvpn-devel] [PATCH 02/16] cleanup: syshead: move O_BINARY detection to autoconf

[Alon Bar-Lev]

Signed-off-by: Alon Bar-Lev 
---
 configure.ac  |   11 +++
 src/openvpn/syshead.h |7 ---
 2 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/configure.ac b/configure.ac
index 4592727..6f6a1f4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -519,6 +519,17 @@ AC_CHECK_DECLS(
]]
 )

+AC_CHECK_DECLS(
+   [O_BINARY],
+   ,
+   [AC_DEFINE([O_BINARY], [0], [O_BINARY replacement])],
+   [[
+   #ifdef HAVE_FCNTL_H
+   #include 
+   #endif
+   ]]
+)
+
 AC_FUNC_FORK

 AC_CHECK_FUNCS([ \
diff --git a/src/openvpn/syshead.h b/src/openvpn/syshead.h
index c5dbac6..91a23d3 100644
--- a/src/openvpn/syshead.h
+++ b/src/openvpn/syshead.h
@@ -439,13 +439,6 @@
 #endif

 /*
- * Does this OS draw a distinction between binary and ascii files?
- */
-#ifndef O_BINARY
-#define O_BINARY 0
-#endif
-
-/*
  * Define a boolean value based
  * on Win32 status.
  */
-- 
1.7.3.4

[Openvpn-devel] [PATCH 01/16] cleanup: syshead: remove OS_SPECIFIC_DIRSEP in favor of autoconf PATH_SEPARATOR

[Alon Bar-Lev]

Signed-off-by: Alon Bar-Lev 
---
 src/openvpn/misc.c   |6 +-
 src/openvpn/ssl_verify.c |2 +-
 src/openvpn/syshead.h|9 -
 3 files changed, 2 insertions(+), 15 deletions(-)

diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
index 2ded9bf..3dd2aa2 100644
--- a/src/openvpn/misc.c
+++ b/src/openvpn/misc.c
@@ -1070,13 +1070,9 @@ gen_path (const char *directory, const char *filename, 
struct gc_arena *gc)
 {
   const size_t outsize = strlen(safe_filename) + (directory ? strlen 
(directory) : 0) + 16;
   struct buffer out = alloc_buf_gc (outsize, gc);
-  char dirsep[2];
-
-  dirsep[0] = OS_SPECIFIC_DIRSEP;
-  dirsep[1] = '\0';

   if (directory)
-   buf_printf (, "%s%s", directory, dirsep);
+   buf_printf (, "%s%c", directory, PATH_SEPARATOR);
   buf_printf (, "%s", safe_filename);

   return BSTR ();
diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c
index 30fb05d..ad46c13 100644
--- a/src/openvpn/ssl_verify.c
+++ b/src/openvpn/ssl_verify.c
@@ -545,7 +545,7 @@ verify_check_crl_dir(const char *crl_dir, 
openvpn_x509_cert_t *cert)

   char *serial = x509_get_serial(cert, );

-  if (!openvpn_snprintf(fn, sizeof(fn), "%s%c%s", crl_dir, OS_SPECIFIC_DIRSEP, 
serial))
+  if (!openvpn_snprintf(fn, sizeof(fn), "%s%c%s", crl_dir, PATH_SEPARATOR, 
serial))
 {
   msg (D_HANDSHAKE, "VERIFY CRL: filename overflow");
   goto cleanup;
diff --git a/src/openvpn/syshead.h b/src/openvpn/syshead.h
index 3337764..c5dbac6 100644
--- a/src/openvpn/syshead.h
+++ b/src/openvpn/syshead.h
@@ -446,15 +446,6 @@
 #endif

 /*
- * Directory separation char
- */
-#ifdef WIN32
-#define OS_SPECIFIC_DIRSEP '\\'
-#else
-#define OS_SPECIFIC_DIRSEP '/'
-#endif
-
-/*
  * Define a boolean value based
  * on Win32 status.
  */
-- 
1.7.3.4

[Openvpn-devel] [PATCH 05/16] cleanup: syshead: move apple specific CPPFLAGS out of syshead

[Alon Bar-Lev]

Signed-off-by: Alon Bar-Lev 
---
 configure.ac  |   18 ++
 src/openvpn/syshead.h |6 --
 2 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/configure.ac b/configure.ac
index 6f6a1f4..9fcd7fe 100644
--- a/configure.ac
+++ b/configure.ac
@@ -357,6 +357,24 @@ AC_TYPE_UINT16_T
 AC_TYPE_UINT32_T
 AC_TYPE_UINT64_T
 AC_TYPE_SIGNAL
+
+AC_MSG_CHECKING([Apple specific settings])
+AC_EGREP_CPP(
+   [true],
+   [
+#if defined(__APPLE__)
+#if __ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__ >= 1070
+true
+#endif
+#endif
+   ],
+   [
+   AC_MSG_RESULT([required])
+   CPPFLAGS="${CPPFLAGS} -D__APPLE_USE_RFC_3542=1"
+   ],
+   [AC_MSG_RESULT([not required])]
+)
+
 AX_CPP_VARARG_MACRO_ISO
 AX_CPP_VARARG_MACRO_GCC
 AX_TYPE_SOCKLEN_T
diff --git a/src/openvpn/syshead.h b/src/openvpn/syshead.h
index ccd78af..c5bf4a8 100644
--- a/src/openvpn/syshead.h
+++ b/src/openvpn/syshead.h
@@ -45,12 +45,6 @@
 #define srandom srand
 #endif

-#if defined(__APPLE__)
-#if __ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__ >= 1070
-#define __APPLE_USE_RFC_3542  1
-#endif
-#endif
-
 #ifdef HAVE_SYS_TYPES_H
 #include 
 #endif
-- 
1.7.3.4

[Openvpn-devel] [PATCH] build: insall README* document using build system

[Alon Bar-Lev]

Purpose: make distro packager task simpler, more flexible to provide
more documentation without changing the packaging script.

Remove installation related documents from rpm as package already
installed when viewed.

+Workaround rpm bug[1].

[1] http://rpm.org/ticket/836

Signed-off-by: Alon Bar-Lev 
---
 Makefile.am|3 +++
 distro/rpm/openvpn.spec.in |   11 +++
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index 33dfcd6..c580579 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -57,6 +57,9 @@ endif
 SUBDIRS = build distro include src sample doc tests

 dist_doc_DATA = \
+   README \
+   README.IPv6 \
+   README.polarssl \
COPYRIGHT.GPL \
COPYING

diff --git a/distro/rpm/openvpn.spec.in b/distro/rpm/openvpn.spec.in
index d9158c1..a6f31bd 100644
--- a/distro/rpm/openvpn.spec.in
+++ b/distro/rpm/openvpn.spec.in
@@ -164,6 +164,10 @@ done

 %__mv -f src/plugins/README src/plugins/README.plugins

+# Install extra %doc stuff
+cp -r AUTHORS ChangeLog NEWS contrib/ sample/ src/plugins/README.* \
+   "%{buildroot}/%{_docdir}/%{name}-%{version}"
+
 #
 # Clean section
 #
@@ -207,13 +211,15 @@ fi
 #
 # Files section
 #
+# don't use %doc as old rpmbuild removes it[1].
+# [1] http://rpm.org/ticket/836

 %files
 %defattr(-,root,root)
-%doc AUTHORS ChangeLog COPYING COPYRIGHT.GPL INSTALL NEWS PORTS README 
 %{_mandir}
 %{_sbindir}/%{name}
 %{_datadir}/%{name}
+%{_docdir}/%{name}-%{version}
 %dir /etc/%{name}
 %if "%{VENDOR}" == "SuSE"
 /etc/init.d/%{name}
@@ -221,9 +227,6 @@ fi
 /etc/rc.d/init.d/%{name}
 %endif

-# Install extra %doc stuff
-%doc contrib/ sample/ src/plugins/README.*
-
 %files devel
 %defattr(-,root,root)
 %{_includedir}/*
-- 
1.7.3.4

Re: [Openvpn-devel] [PATCH] Properly detect OpenSSL version strings with numbers only

[Alon Bar-Lev]

ACK, the revision letter is indeed optional.

David,
Repository is at github...

On Sat, May 12, 2012 at 6:54 PM, Simon Deziel  wrote:
> whichopensslcnf failed to return the right cnf for:
>
> $ openssl version
> OpenSSL 1.0.1 14 Mar 2012
>
> Signed-off-by: Simon Deziel 
> ---
>  easy-rsa/2.0/whichopensslcnf |    6 +++---
>  1 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/easy-rsa/2.0/whichopensslcnf b/easy-rsa/2.0/whichopensslcnf
> index 2226a8e..ccdaf50 100755
> --- a/easy-rsa/2.0/whichopensslcnf
> +++ b/easy-rsa/2.0/whichopensslcnf
> @@ -3,11 +3,11 @@
>  cnf="$1/openssl.cnf"
>
>  if [ "$OPENSSL" ]; then
> -       if $OPENSSL version | grep -E "0\.9\.6[[:alnum:]]" > /dev/null; then
> +       if $OPENSSL version | grep -E "0\.9\.6[[:alnum:]]?" > /dev/null;
> then
>                cnf="$1/openssl-0.9.6.cnf"
> -       elif $OPENSSL version | grep -E "0\.9\.8[[:alnum:]]" >
> /dev/null; then
> +       elif $OPENSSL version | grep -E "0\.9\.8[[:alnum:]]?" >
> /dev/null; then
>                cnf="$1/openssl-0.9.8.cnf"
> -       elif $OPENSSL version | grep -E "1\.0\.([[:digit:]][[:alnum:]])"
>> /dev/null; then
> +       elif $OPENSSL version | grep -E "1\.0\.[[:digit:]][[:alnum:]]?"
>> /dev/null; then
>                 cnf="$1/openssl-1.0.0.cnf"
>        else
>                cnf="$1/openssl.cnf"
> --
> 1.7.5.4
>
> --
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> ___
> Openvpn-devel mailing list
> Openvpn-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] OpenVPN in the Hypervisor

[Tom Kent]

The wiki was a loss (my backup was only a symlink :-( ), but I've
re-written what I did to get this running.

Now available at:
http://teeks99.com/sys/OpenVPN-VMs/Tryout.html

Tom

On Fri, May 11, 2012 at 4:29 PM, Tom Kent  wrote:

> Thanks for making that clear, it worked great...not sure why I was
> confused about it in the other message.
>
> I was able to get everything up and running. I've documented my adventures
> here:
> http://teeks99.com/sys/doku.php?id=openvpn_vm_segregated_net
>
> Thanks for all the input,
> Tom
>
>
> On Fri, May 11, 2012 at 2:41 AM, Gert Doering  wrote:
>
>> Hi,
>>
>> On Thu, May 10, 2012 at 08:45:04PM -0400, Tom Kent wrote:
>> > The other thing I tried was to have openvpn up and running, then to
>> attach
>> > the VM to the tap0 device that it created...that ended with this error:
>> > libvirtError: internal error Failed to add tap interface to bridge.
>> tap0 is
>> > not a bridge device
>>
>> Try what David suggested: creating a bridge device.
>>
>> Start OpenVPN with "tap0", then run
>>
>>  "brctl addbr br0"
>>  "brctl addif br0 tap0"
>>
>> and then have libvirt attach to br0.
>>
>> gert
>> --
>> USENET is *not* the non-clickable part of WWW!
>>   //
>> www.muc.de/~gert/
>> Gert Doering - Munich, Germany
>> g...@greenie.muc.de
>> fax: +49-89-35655025
>> g...@net.informatik.tu-muenchen.de
>>
>
>

[Openvpn-devel] [PATCH] build: detect sys/wait.h required for *bsd

[Alon Bar-Lev]

Signed-off-by: Alon Bar-Lev 
---
 configure.ac |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/configure.ac b/configure.ac
index 901a916..4592727 100644
--- a/configure.ac
+++ b/configure.ac
@@ -374,7 +374,7 @@ AC_CHECK_HEADERS([ \
 ])
 AC_CHECK_HEADERS([ \
sys/time.h sys/ioctl.h sys/stat.h \
-   sys/mman.h sys/file.h \
+   sys/mman.h sys/file.h sys/wait.h \
unistd.h signal.h libgen.h stropts.h \
syslog.h pwd.h grp.h \
sys/sockio.h sys/uio.h linux/sockios.h \
-- 
1.7.3.4

Re: [Openvpn-devel] [PATCH] Openvpn for Android 4.0 Changeset

[Gert Doering]

Hi,

On Fri, May 11, 2012 at 11:52:22PM +0200, Arne Schwabe wrote:
> Am 11.05.12 20:56, schrieb Gert Doering:
> > Changing the build environment to build a shared library out of openvpn
> > is something I do not fully understand yet, though - and don't view
> > a particular useful goal right now.
> The shared library is not used as real shared library. I build
> libopenvpn as complete library and then build a miniature executable
> that calls the main method of the shared library and therefore exactly
> behaves like openvpn as executable.
> 
> The reason for this is that libraries are managed by the android package
> system. For executables I have to carry them as data files and write
> them to a cache partition. By putting the main  code into the library I
> can minimise the amount of data that is written twice to the /data
> parition on Android.

I'm still not sure I fully understand what Android is doing there - but
I don't need to :-) - so that explanation is good enough for me.

gert
-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de


pgpKO2T1MYLP3.pgp
Description: PGP signature