[Openvpn-devel] iOS, VPN On Demand (VoD)

2021-01-13 Thread Morris, Russell
Hi,

Sorry if this is a dumb question - have been checking it out at 
https://openvpn.net/vpn-server-resources/faq-regarding-openvpn-connect-ios/ ... 
but not 100% sure how to set this up. It seems like a VPN provide (ovpn file) 
can be set up to support VPN On Demand in iOS ... right? Thinking there is like 
a sample file somewhere, but I haven't found it yet ... LOL. I do have my 
profile set up to autologin (authenticate / connect), as noted. And I did try 
to add the 'vpn-on-demand' parameter (set to 0 or 1), but no joy (found that 
here, 
https://github.com/iphoting/ovpnmcgen.rb/pull/12/commits/fd0fdef5c51d1758835632ca906993d562597f7c).

Any pointers would be greatly appreciated!

Thanks,
... Russell


___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel


Re: [Openvpn-devel] [ovpn-dco]compilation error in function ‘ovpn_peer_lookup_transp_addr’

2021-01-13 Thread Tony He
yes. Confirmed this issue has been fixed.

Antonio Quartulli wrote on Thu, Jan 14, 2021 at 12:12 AM:

> Potential fix pushed to the experimental branch.
>
> Thanks again for reporting.
>
> On 13/01/2021 14:18, Antonio Quartulli wrote:
> > It turns out this is a bug in my experimental branch :-)
> >
> > The object pointed by sa6 is not large enough, hence triggering that
> error.
> >
> > Will come up with a fix.
> >
> > Thanks!
> >
> > On 13/01/2021 11:17, Tony He wrote:
> >> Hi Antonio,
> >>
> >> Yes, I'm using latest commit. Maybe it's a compiler bug. What's your
> >> compiler version?
> >> Here is mine.
> >> tony-vm-2004% gcc --version
> >> gcc (Ubuntu 9.3.0-17ubuntu1~20.04) 9.3.0
> >> Copyright (C) 2019 Free Software Foundation, Inc.
> >> This is free software; see the source for copying conditions.  There is
> NO
> >> warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
> PURPOSE.
> >>
> >>
> >>
> >> Antonio Quartulli wrote on Wed, Jan 13, 2021 at 5:17 PM:
> >>
> >> Also,
> >>
> >> are you sure you are compiling the latest experimental branch?
> >> HEAD is 2555e5595088991006e57a3ee447f356dffdca92
> >>
> >> Regards,
> >>
> >> On 13/01/2021 10:12, Antonio Quartulli wrote:
> >> > Hi Tony,
> >> >
> >> > thanks for the message.
> >> > The experimental branch is still...experimental, so I expect more
> >> things
> >> > to crash and fail miserably :-D
> >> >
> >> > In any case, feel free to send a patch if you see how to fix the
> >> issue!
> >> > It would be nice to have external contributions :-)
> >> >
> >> > This said, I am not sure this is our bug - the sin6_addr member of
> >> > struct sockaddr_in6 is of type struct sin6_addr:
> >> >
> >> >
> >>
> https://elixir.bootlin.com/linux/v5.4/source/include/uapi/linux/in6.h#L54
> >> <
> https://elixir.bootlin.com/linux/v5.4/source/include/uapi/linux/in6.h#L54>
> >> >
> >> > And I believe it is widely known that an IPv6 address is 12 bytes,
> >> not 8..
> >> >
> >> > Maybe it's a bug in the compiler?
> >> >
> >> > Best Regards,
> >> >
> >> > On 13/01/2021 10:03, Tony He wrote:
> >> >> Sorry, clicked "send" button before adding subject and CC
> >> Openvpn-dev. I
> >> >> will send a new mail.
> >> >>
> >> >> Tony He <mailto:huangy...@gmail.com> wrote on Wed, Jan 13, 2021 at 4:57 PM:
> >> >>
> >> >> Hi Antonio,
> >> >>
> >> >> I see you have pushed new commits to support multiple link to
> >> peers.
> >> >> So I tried compiling, but encounter below error. My kernel
> >> version
> >> >> is 5.4.0-54.
> >> >>
> >> >>
> >> >>
> >> >> tony-vm-2004% make
> >> >> /project/openvpn/ovpn-dco.git/gen-compat-autoconf.sh
> >> >> /project/openvpn/ovpn-dco.git/compat-autoconf.h
> >> >> make -C /lib/modules/5.4.0-54-generic/build
> >> >> M=/project/openvpn/ovpn-dco.git PWD=/project/openvpn/ovpn-dco.git
> >> >> REVISION=2555e55 CONFIG_OVPN_DCO=m INSTALL_MOD_DIR=updates/
> >> >> modules
> >> >> make[1]: Entering directory
> >> >> '/usr/src/linux-headers-5.4.0-54-generic'
> >> >>   CC [M]  /project/openvpn/ovpn-dco.git/drivers/net/ovpn-dco/main.o
> >> >>   CC [M]  /project/openvpn/ovpn-dco.git/drivers/net/ovpn-dco/bind.o
> >> >>   CC [M]  /project/openvpn/ovpn-dco.git/drivers/net/ovpn-dco/crypto.o
> >> >>   CC [M]  /project/openvpn/ovpn-dco.git/drivers/net/ovpn-dco/ovpn.o
> >> >>   CC [M]  /project/openvpn/ovpn-dco.git/drivers/net/ovpn-dco/peer.o
> >> >> In file included from ./include/linux/bitmap.h:9,
> >> >>                  from ./include/linux/cpumask.h:12,
> >> >>                  from ./arch/x86/include/asm/cpumask.h:5,
> >> >>                  from ./arch/x86/include/asm/msr.h:11,
> >> >>                  from ./arch/x86/include/asm/processor.h:21,
> >> >>                  from ./arch/x86/include/asm/cpufeature.h:5,
> >> >>                  from ./arch/x86/include/asm/thread_info.h:53,
> >> >>                  fro

[Openvpn-devel] [PATCH] Stop using deprecated getpass()

2021-01-13 Thread Tõivo Leedjärv
The getpass() function is present in SUSv2, but marked LEGACY. It is
removed in POSIX.1-2001. Additionally, on Solaris getpass() returns
maximum 8 bytes. This will make longer passwords fail with no
possibility for user to know what is happening.

This patch removes usage of getpass() completely and replaces it with
direct implementation of what getpass() does: opens tty (existing code),
outputs the prompt (existing code), turns off echoing (new code), reads
one line (existing code shared with echoed mode), restores tty state
(new code) and closes tty (existing code).

Signed-off-by: Tõivo Leedjärv <69477666+tleedj...@users.noreply.github.com>
---
 configure.ac  |  4 ++-
 src/openvpn/console_builtin.c | 63 +--
 2 files changed, 41 insertions(+), 26 deletions(-)

diff --git a/configure.ac b/configure.ac
index 1ab8fe59..2c094da7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -645,7 +645,7 @@ AC_FUNC_FORK

 AC_CHECK_FUNCS([ \
daemon chroot getpwnam setuid nice system getpid dup dup2 \
-   getpass syslog openlog mlockall getgrnam setgid \
+   syslog openlog mlockall getgrnam setgid \
setgroups stat flock readv writev time gettimeofday \
ctime memset vsnprintf strdup \
setsid chdir putenv getpeername unlink \
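Review bot: dropping getpass from AC_CHECK_FUNCS in this hunk means HAVE_GETPASS is never defined again, so any "#ifdef HAVE_GETPASS" left outside src/openvpn/console_builtin.c would silently compile out. The diffstat shows only two files touched; please grep the tree for HAVE_GETPASS and say in the commit message that console_builtin.c was the only user.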
@@ -653,6 +653,8 @@ AC_CHECK_FUNCS([ \
epoll_create strsep \
 ])

+AC_CHECK_HEADERS([termios.h])
+
 AC_CHECK_LIB(
[dl],
[dlopen],
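Review bot: AC_CHECK_HEADERS([termios.h]) only proves that the header exists, while the code guarded by HAVE_TERMIOS_H calls tcgetattr() and tcsetattr(); consider checking for those functions as well. Also worth documenting: a non-Windows platform that has getpass() but no termios.h used to take the HAVE_GETPASS branch and now ends in the M_FATAL "can't get console input" branch, even for echoed prompts, which only need open_tty() and fgets().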
diff --git a/src/openvpn/console_builtin.c b/src/openvpn/console_builtin.c
index 445928bf..f1d91b32 100644
--- a/src/openvpn/console_builtin.c
+++ b/src/openvpn/console_builtin.c
@@ -40,6 +40,10 @@
 #include "buffer.h"
 #include "misc.h"

+#ifdef HAVE_TERMIOS_H
+#include 
+#endif
+
 #ifdef _WIN32

 #include "win32.h"
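Review bot: the "#include" line inside the new HAVE_TERMIOS_H guard carries no header name as it appears here. It has to name termios.h in angle brackets, the header configure.ac now tests for, otherwise struct termios, tcgetattr() and tcsetattr() used later in this file are undeclared.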
@@ -138,7 +142,7 @@ get_console_input_win32(const char *prompt, const
bool echo, char *input, const
 #endif   /* _WIN32 */


-#ifdef HAVE_GETPASS
+#ifdef HAVE_TERMIOS_H

 /**
  * Open the current console TTY for read/write operations
@@ -177,7 +181,7 @@ close_tty(FILE *fp)
 }
 }

-#endif   /* HAVE_GETPASS */
+#endif   /* HAVE_TERMIOS_H */


 /**
@@ -201,7 +205,9 @@ get_console_input(const char *prompt, const bool
echo, char *input, const int ca

 #if defined(_WIN32)
 return get_console_input_win32(prompt, echo, input, capacity);
-#elif defined(HAVE_GETPASS)
+#elif defined(HAVE_TERMIOS_H)
+int restore_tty = 0;
+struct termios tty_a, tty_save;

 /* did we --daemon'ize before asking for passwords?
  * (in which case neither stdin or stderr are connected to a tty and
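Review bot: "int restore_tty = 0;" is used purely as a flag, in a function whose other flags are bool ("const bool echo", "ret = true"). Declaring it as "bool restore_tty = false;" would match the surrounding code and make the later "if (!echo && restore_tty)" read as intended.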
@@ -220,33 +226,40 @@ get_console_input(const char *prompt, const bool
echo, char *input, const int ca
 close(fd);
 }

-if (echo)
-{
-FILE *fp;
+FILE *fp;

-fp = open_tty(true);
-fprintf(fp, "%s", prompt);
-fflush(fp);
-close_tty(fp);
+fp = open_tty(true);
+fprintf(fp, "%s", prompt);
+fflush(fp);
+close_tty(fp);

-fp = open_tty(false);
-if (fgets(input, capacity, fp) != NULL)
-{
-chomp(input);
-ret = true;
-}
-close_tty(fp);
+fp = open_tty(false);
+
+if (!echo && (tcgetattr(fileno(fp), &tty_a) == 0))
+{
+tty_save = tty_a;
+tty_a.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL | ISIG);
+restore_tty = (tcsetattr(fileno(fp), TCSAFLUSH, &tty_a) == 0);
 }
-else
+
+if (fgets(input, capacity, fp) != NULL)
 {
-char *gp = getpass(prompt);
-if (gp)
-{
-strncpynt(input, gp, capacity);
-secure_memzero(gp, strlen(gp));
-ret = true;
-}
+chomp(input);
+ret = true;
 }
+
+if (!echo && restore_tty)
+{
+(void) tcsetattr(fileno(fp), TCSAFLUSH, &tty_save);
+
+/* Echo the non-echoed newline */
+close_tty(fp);
+fp = open_tty(true);
+fprintf(fp, "\n");
+fflush(fp);
+}
+
+close_tty(fp);
 #else  /* if defined(_WIN32) */
 msg(M_FATAL, "Sorry, but I can't get console input on this OS
(%s)", prompt);
 #endif /* if defined(_WIN32) */
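Review bot: in "if (!echo && (tcgetattr(fileno(fp), &tty_a) == 0))" a failure of tcgetattr(), or of the tcsetattr() that follows, is silent, and fgets() then reads the password with echo still enabled. At minimum log a warning, or refuse to read, when echo cannot be turned off. Two smaller points on the same block: ISIG is cleared, so Ctrl-C is read as input instead of interrupting, while nothing restores tty_save if the process is terminated by some other signal during fgets(); and the password now passes through the stdio buffer of fp, which this hunk does not wipe, whereas the removed code cleared the getpass() buffer with secure_memzero().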
-- 
2.26.2




Re: [Openvpn-devel] is it possible to store saved password in tpm instead of registry ?

2021-01-13 Thread Selva Nair
Hi,

The blob stored in the registry is encrypted by DPAPI and requires access
to the user's session to decrypt. No matter where the blob is stored, if an
attacker has access to the session, anything the GUI can read can be read
by the attacker too.

That said, if there is a well-defined API for protecting data using a
non-exportable key in TPM, respecting security boundaries, we could use it.
The blob has to be still stored in registry or Windows password store
(which also stores it in registry). TPM is useful for storing
non-exportable private keys. For exportable data, if at all possible and
space permits, I see little point in putting it in TPM.

DPAPI supports an app-specific salt, and we could have it wrapped by TPM to
add some extra protection but I would be wary of inventing our own schemes
like that.

Storing the certificate private key in TPM makes sense.

Selva

On Wed, Jan 13, 2021 at 1:31 PM Илья Шипицин  wrote:

>
>
> On Wed, Jan 13, 2021 at 22:01, Jan Just Keijser wrote:
>
>> Hi,
>>
>> On 13/01/21 17:20, Илья Шипицин wrote:
>> > Hello,
>> >
>> > if user save password, it might be stolen from well known location
>> > (there are popular password stealers).
>> >
>> > in theory, is it possible to keep password in tpm ? will it prevent
>> > password from being stolen ?
>> >
>> in theory, yes, but as always, it depends on the circumstances.
>>
>> With TPM 1.2 you can only store a very limited amount of data in the TPM
>> chip; the (open source) implementation I have seen (tss, trousers) store
>>
>
> I meant openvpn-gui + user/password authentication + password is kept in
> registry encrypted by data protection api (not clear text, but might be
> decrypted and stolen easily).
>
> trousers is linux, right ?
>
>
>> a key in the TPM to scramble other data with; thus, you can encrypt a
>> private key or password with a key stored on the TPM and only if you
>> have the TPM will you be able to decrypt it.
>> I've never been particularly impressed with the security of this setup,
>> however, as trousers seems to suggest to store the actual decryption
>> key in an environment variable...
>>
>> With TPM 2.0 you can store more data in the chip, including a full
>> private key. This makes it behave more like a regular PKCS#11 device,
>> where you store the private key, not the user password on it. Of course,
>> it will/should also be possible to store a user password on it.
>>
>> cheers,
>>
>> JJK
>>


Re: [Openvpn-devel] is it possible to store saved password in tpm instead of registry ?

2021-01-13 Thread Arne Schwabe


On 13.01.2021 at 17:20, Илья Шипицин wrote:

> Hello,
>
> if user save password, it might be stolen from well known location
> (there are popular password stealers).
>
> in theory, is it possible to keep password in tpm ? will it prevent
> password from being stolen ?
>
> Ilya


Password storage in TPM is flawed anyway. Since it is a symmetric secret.
If you want TPM security you should go certificate anyway which should 
be doable by using a TPM as a smart card.


Arne





Re: [Openvpn-devel] is it possible to store saved password in tpm instead of registry ?

2021-01-13 Thread Илья Шипицин
On Wed, Jan 13, 2021 at 22:01, Jan Just Keijser wrote:

> Hi,
>
> On 13/01/21 17:20, Илья Шипицин wrote:
> > Hello,
> >
> > if user save password, it might be stolen from well known location
> > (there are popular password stealers).
> >
> > in theory, is it possible to keep password in tpm ? will it prevent
> > password from being stolen ?
> >
> in theory, yes, but as always, it depends on the circumstances.
>
> With TPM 1.2 you can only store a very limited amount of data in the TPM
> chip; the (open source) implementation I have seen (tss, trousers) store
>

I meant openvpn-gui + user/password authentication + password is kept in
registry encrypted by data protection api (not clear text, but might be
decrypted and stolen easily).

trousers is linux, right ?


> a key in the TPM to scramble other data with; thus, you can encrypt a
> private key or password with a key stored on the TPM and only if you
> have the TPM will you be able to decrypt it.
> I've never been particularly impressed with the security of this setup,
> however, as trousers seems to suggest to store the actual decryption
> key in an environment variable...
>
> With TPM 2.0 you can store more data in the chip, including a full
> private key. This makes it behave more like a regular PKCS#11 device,
> where you store the private key, not the user password on it. Of course,
> it will/should also be possible to store a user password on it.
>
> cheers,
>
> JJK
>
>


Re: [Openvpn-devel] is it possible to store saved password in tpm instead of registry ?

2021-01-13 Thread Jan Just Keijser

Hi,

On 13/01/21 17:20, Илья Шипицин wrote:

> Hello,
>
> if user save password, it might be stolen from well known location
> (there are popular password stealers).
>
> in theory, is it possible to keep password in tpm ? will it prevent
> password from being stolen ?



in theory, yes, but as always, it depends on the circumstances.

With TPM 1.2 you can only store a very limited amount of data in the TPM 
chip; the (open source) implementation I have seen (tss, trousers) store 
a key in the TPM to scramble other data with; thus, you can encrypt a 
private key or password with a key stored on the TPM and only if you 
have the TPM will you be able to decrypt it.
I've never been particularly impressed with the security of this setup, 
however, as trousers seems to suggest to store the actual decryption
key in an environment variable...


With TPM 2.0 you can store more data in the chip, including a full 
private key. This makes it behave more like a regular PKCS#11 device, 
where you store the private key, not the user password on it. Of course, 
it will/should also be possible to store a user password on it.


cheers,

JJK





[Openvpn-devel] is it possible to store saved password in tpm instead of registry ?

2021-01-13 Thread Илья Шипицин
Hello,

if user save password, it might be stolen from well known location (there
are popular password stealers).

in theory, is it possible to keep password in tpm ? will it prevent
password from being stolen ?

Ilya


Re: [Openvpn-devel] [ovpn-dco]compilation error in function ‘ovpn_peer_lookup_transp_addr’

2021-01-13 Thread Antonio Quartulli
Potential fix pushed to the experimental branch.

Thanks again for reporting.

On 13/01/2021 14:18, Antonio Quartulli wrote:
> It turns out this is a bug in my experimental branch :-)
> 
> The object pointed by sa6 is not large enough, hence triggering that error.
> 
> Will come up with a fix.
> 
> Thanks!
> 
> On 13/01/2021 11:17, Tony He wrote:
>> Hi Antonio,
>>
>> Yes, I'm using latest commit. Maybe it's a compiler bug. What's your
>> compiler version?
>> Here is mine.
>> tony-vm-2004% gcc --version
>> gcc (Ubuntu 9.3.0-17ubuntu1~20.04) 9.3.0
>> Copyright (C) 2019 Free Software Foundation, Inc.
>> This is free software; see the source for copying conditions.  There is NO
>> warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
>>
>>
>>
>> Antonio Quartulli wrote on Wed, Jan 13, 2021 at 5:17 PM:
>>
>> Also,
>>
>> are you sure you are compiling the latest experimental branch?
>> HEAD is 2555e5595088991006e57a3ee447f356dffdca92
>>
>> Regards,
>>
>> On 13/01/2021 10:12, Antonio Quartulli wrote:
>> > Hi Tony,
>> >
>> > thanks for the message.
>> > The experimental branch is still...experimental, so I expect more
>> things
>> > to crash and fail miserably :-D
>> >
>> > In any case, feel free to send a patch if you see how to fix the
>> issue!
>> > It would be nice to have external contributions :-)
>> >
>> > This said, I am not sure this is our bug - the sin6_addr member of
>> > struct sockaddr_in6 is of type struct sin6_addr:
>> >
>> >
>> https://elixir.bootlin.com/linux/v5.4/source/include/uapi/linux/in6.h#L54
>> 
>> 
>> >
>> > And I believe it is widely known that an IPv6 address is 12 bytes,
>> not 8..
>> >
>> > Maybe it's a bug in the compiler?
>> >
>> > Best Regards,
>> >
>> > On 13/01/2021 10:03, Tony He wrote:
>> >> Sorry, clicked "send" button before adding subject and CC
>> Openvpn-dev. I
>> >> will send a new mail.
>> >>
>> >> Tony He <mailto:huangy...@gmail.com> wrote on Wed, Jan 13, 2021 at 4:57 PM:
>> >>
>> >>     Hi Antonio,
>> >>
>> >>     I see you have pushed new commits to support multiple link to
>> peers.
>> >>     So I tried compiling, but encounter below error. My kernel
>> version
>> >>     is 5.4.0-54.
>> >>
>> >>
>> >>
>> >>     tony-vm-2004% make
>> >>     /project/openvpn/ovpn-dco.git/gen-compat-autoconf.sh
>> >>     /project/openvpn/ovpn-dco.git/compat-autoconf.h
>> >>     make -C /lib/modules/5.4.0-54-generic/build
>> >>     M=/project/openvpn/ovpn-dco.git PWD=/project/openvpn/ovpn-dco.git
>> >>     REVISION=2555e55 CONFIG_OVPN_DCO=m INSTALL_MOD_DIR=updates/
>> >>     modules
>> >>     make[1]: Entering directory
>> >>     '/usr/src/linux-headers-5.4.0-54-generic'
>> >>       CC [M]  /project/openvpn/ovpn-dco.git/drivers/net/ovpn-dco/main.o
>> >>       CC [M]  /project/openvpn/ovpn-dco.git/drivers/net/ovpn-dco/bind.o
>> >>       CC [M]  /project/openvpn/ovpn-dco.git/drivers/net/ovpn-dco/crypto.o
>> >>       CC [M]  /project/openvpn/ovpn-dco.git/drivers/net/ovpn-dco/ovpn.o
>> >>       CC [M]  /project/openvpn/ovpn-dco.git/drivers/net/ovpn-dco/peer.o

Re: [Openvpn-devel] [ovpn-dco]compilation error in function ‘ovpn_peer_lookup_transp_addr’

2021-01-13 Thread Antonio Quartulli
It turns out this is a bug in my experimental branch :-)

The object pointed by sa6 is not large enough, hence triggering that error.

Will come up with a fix.

Thanks!

On 13/01/2021 11:17, Tony He wrote:
> Hi Antonio,
> 
> Yes, I'm using latest commit. Maybe it's a compiler bug. What's your
> compiler version?
> Here is mine.
> tony-vm-2004% gcc --version
> gcc (Ubuntu 9.3.0-17ubuntu1~20.04) 9.3.0
> Copyright (C) 2019 Free Software Foundation, Inc.
> This is free software; see the source for copying conditions.  There is NO
> warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
> 
> 
> 
> Antonio Quartulli wrote on Wed, Jan 13, 2021 at 5:17 PM:
> 
> Also,
> 
> are you sure you are compiling the latest experimental branch?
> HEAD is 2555e5595088991006e57a3ee447f356dffdca92
> 
> Regards,
> 
> On 13/01/2021 10:12, Antonio Quartulli wrote:
> > Hi Tony,
> >
> > thanks for the message.
> > The experimental branch is still...experimental, so I expect more
> things
> > to crash and fail miserably :-D
> >
> > In any case, feel free to send a patch if you see how to fix the
> issue!
> > It would be nice to have external contributions :-)
> >
> > This said, I am not sure this is our bug - the sin6_addr member of
> > struct sockaddr_in6 is of type struct sin6_addr:
> >
> >
> https://elixir.bootlin.com/linux/v5.4/source/include/uapi/linux/in6.h#L54
> 
> 
> >
> > And I believe it is widely known that an IPv6 address is 12 bytes,
> not 8..
> >
> > Maybe it's a bug in the compiler?
> >
> > Best Regards,
> >
> > On 13/01/2021 10:03, Tony He wrote:
> >> Sorry, clicked "send" button before adding subject and CC
> Openvpn-dev. I
> >> will send a new mail.
> >>
> >> Tony He <mailto:huangy...@gmail.com> wrote on Wed, Jan 13, 2021 at 4:57 PM:
> >>
> >>     Hi Antonio,
> >>
> >>     I see you have pushed new commits to support multiple link to
> peers.
> >>     So I tried compiling, but encounter below error. My kernel
> version
> >>     is 5.4.0-54.
> >>
> >>
> >>
> >>     tony-vm-2004% make
> >>     /project/openvpn/ovpn-dco.git/gen-compat-autoconf.sh
> >>     /project/openvpn/ovpn-dco.git/compat-autoconf.h
> >>     make -C /lib/modules/5.4.0-54-generic/build
> >>     M=/project/openvpn/ovpn-dco.git PWD=/project/openvpn/ovpn-dco.git
> >>     REVISION=2555e55 CONFIG_OVPN_DCO=m INSTALL_MOD_DIR=updates/
> >>     modules
> >>     make[1]: Entering directory
> >>     '/usr/src/linux-headers-5.4.0-54-generic'
> >>       CC [M]  /project/openvpn/ovpn-dco.git/drivers/net/ovpn-dco/main.o
> >>       CC [M]  /project/openvpn/ovpn-dco.git/drivers/net/ovpn-dco/bind.o
> >>       CC [M]  /project/openvpn/ovpn-dco.git/drivers/net/ovpn-dco/crypto.o
> >>       CC [M]  /project/openvpn/ovpn-dco.git/drivers/net/ovpn-dco/ovpn.o
> >>       CC [M]  /project/openvpn/ovpn-dco.git/drivers/net/ovpn-dco/peer.o
> >>     In file included from ./include/linux/bitmap.h:9,

Re: [Openvpn-devel] [PATCH v10] Add DNS SRV remote host discovery support

2021-01-13 Thread Vladislav Grishenko
Hello and happy holidays,
Is there a chance to get back to this patch since v9 was acked and minor fix
for undefined EAI_NODATA on FreeBSD was applied?

--
Best Regards, Vladislav Grishenko

> -----Original Message-----
> From: Vladislav Grishenko 
> Sent: Friday, December 4, 2020 9:15 PM
> To: openvpn-devel@lists.sourceforge.net
> Cc: g...@greenie.muc.de
> Subject: [Openvpn-devel] [PATCH v10] Add DNS SRV remote host discovery
> support
> 
> DNS SRV remote host discovery allows to have multiple OpenVPN servers for
> a single domain w/o explicit profile enumeration, to move services from
> host to host with little fuss, and to designate hosts as primary servers
> for a service and others as backups.
> Feature has been asked several times already, should be useful in case of
> substantial number of clients & servers deployed.
> 
> Patch introduces "--remote-srv domain [service] [proto]" option.
> The "service" and "proto" arguments are optional. Client will try
> to resolve DNS SRV record "_service._proto.domain" and use returned
> DNS SRV records as remote server list ordered by server selection
> mechanism defined in RFC2782 (https://tools.ietf.org/html/rfc2782):
> 
> A client MUST attempt to contact the target host with the
> lowest-numbered priority field value it can reach, target hosts
> with the same priority SHOULD be tried in an order defined by the
> weight field.
> The weight field specifies a relative weight for entries with the
> same priority. Larger weights SHOULD be given a proportionately
> higher probability of being selected.
> Domain administrators SHOULD use Weight 0 when there isn't any
> server selection to do. In the presence of records containing
> weights greater than 0, records with Weight 0 SHOULD have a very
> small chance of being selected.
> 
> Note: OpenVPN server selection mechanism implementation indeed will
> give records with weight of zero a very small chance of being selected
> first, but never skip them.
> 
> Example: instead of multiple --remote in order, now it's possible to
> specify just one --remote-srv and configure DNS SRV records:
> 
> remote-srv example.net
> 
> name prio weight port target
> $ORIGIN example.net.
> _openvpn._udp IN SRV 10   60 1194 server1.example.net.
> _openvpn._udp IN SRV 10   40 1194 server2.example.net.
> _openvpn._udp IN SRV 10   0  1194 server3.example.net.
> _openvpn._tcp IN SRV 20   0   443 server4.example.net.
> 
> For "--remote-srv example.net" following will happen in order:
> 1. The client will first try to resolve "_openvpn._udp.example.net"
>and "_openvpn._tcp.example.net".
> 2. Records "server1.example.net:1194", "server2.example.net:1194"
>and "server3.example.net:1194" will be selected before record
>"server4.example.net:443" as their priority 10 is smaller than 20.
> 3. Records "server1.example.net:1194", "server2.example.net:1194"
>and "server3.example.net:1194" will be randomly selected with
>weight probability: first will be either "server1.example.net:1194"
>with 60% probability or "server2.example.net:1194" with 40% or
>"server3.example.net:1194" with almost zero probability.
> 4. If "server1.example.net:1194" was selected, the second record will
>be either "server2.example.net:1194" with almost 100% probability
>or "server3.example.net:1194" with almost 0%.
> 5. If "server2.example.net:1194" was selected, the third record will
>be the only last record of priority 10 - "server3.example.net:1194".
> 6. Record "server4.example.net:443" will be the last one selected as
>the only record with priority 20.
> 7. Each of the resulting "target:port" remote hosts will be resolved
>and accessed if its protocol has no conflict with the rest of the
>OpenVPN options.
> 
>   If DNS SRV name can't be resolved or no valid records were returned,
>   client will move on to the next connection entry.
> 
> v10:
> add get_cached_srv_entry() for servinfo vs addrinfo cache split
> add check for mixed --remote and --remote-srv
> add doxygen dns srv functions comments
> use query_servinfo() for both unix and windows
> fix undefined NS_MAXMSG issue on macOS
> fix undefined EAI_NODATA issue on FreeBSD
> fix man
> 
> Signed-off-by: Vladislav Grishenko 
> ---
>  configure.ac|   2 +-
>  doc/man-sections/client-options.rst | 121 +++-
>  doc/management-notes.txt|   6 +
>  src/openvpn/Makefile.am |   2 +-
>  src/openvpn/buffer.h|   5 -
>  src/openvpn/errlevel.h  |   1 +
>  src/openvpn/init.c  |  79 ++-
>  src/openvpn/openvpn.vcxproj |   8 +-
>  src/openvpn/options.c   | 286 +++--
>  src/openvpn/options.h   |   4 +
>  src/openvpn/socket.c| 875 +++-
>  src/openvpn/socket.h|  54 ++
>  src/openvpn
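
The RFC 2782 ordering walked through in the patch description above, as an added example that is not part of the original post or of the OpenVPN patch: records are grouped by priority, and inside each group the next host is picked by a weighted draw over the running sum of weights, with weight-0 records placed first. The struct, the function names and the injectable random source are assumptions of this example, and the UDP and TCP answers are merged into one list.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One SRV record. Struct and field names are this example's own. */
struct srv_rec {
    uint16_t prio, weight, port;
    const char *target;
};

/* Random source returning a value in [0, max]; injectable for reproducible runs. */
typedef uint32_t (*srv_rand_fn)(uint32_t max, void *ctx);

/* True when a sorts ahead of b: lower priority value first and, inside one
 * priority, weight-0 records ahead of weighted ones (RFC 2782). */
static int srv_before(const struct srv_rec *a, const struct srv_rec *b)
{
    if (a->prio != b->prio) {
        return a->prio < b->prio;
    }
    return a->weight == 0 && b->weight != 0;
}

/* Reorder recs[0..n) in place into the sequence a client should try. */
void srv_order(struct srv_rec *recs, size_t n, srv_rand_fn rnd, void *ctx)
{
    /* Stable insertion sort, so records with equal keys keep answer order. */
    for (size_t i = 1; i < n; i++) {
        struct srv_rec key = recs[i];
        size_t j = i;
        for (; j > 0 && srv_before(&key, &recs[j - 1]); j--) {
            recs[j] = recs[j - 1];
        }
        recs[j] = key;
    }
    for (size_t start = 0, end; start < n; start = end) {
        end = start + 1;
        while (end < n && recs[end].prio == recs[start].prio) {
            end++;
        }
        /* Weighted draw without replacement from the unordered tail. */
        for (size_t pos = start; pos + 1 < end; pos++) {
            uint32_t sum = 0, run = 0;
            size_t pick = pos;
            for (size_t k = pos; k < end; k++) {
                sum += recs[k].weight;
            }
            uint32_t r = rnd(sum, ctx);
            for (size_t k = pos; k < end; k++) {
                run += recs[k].weight;
                if (run >= r) {   /* first running sum >= r is selected */
                    pick = k;
                    break;
                }
            }
            /* Move the pick to pos; the others keep weight-0-first order. */
            struct srv_rec chosen = recs[pick];
            memmove(&recs[pos + 1], &recs[pos], (pick - pos) * sizeof(*recs));
            recs[pos] = chosen;
        }
    }
}

/* Test double: replays fixed draws, clamped to [0, max]. */
struct scripted { const uint32_t *vals; size_t n, used; };

uint32_t scripted_rand(uint32_t max, void *ctx)
{
    struct scripted *s = ctx;
    uint32_t v = s->used < s->n ? s->vals[s->used++] : 0;
    return v > max ? max : v;
}

/* Orders the sample zone from the message (constructed here, UDP and TCP
 * answers merged) and writes "host:port host:port ..." into out. */
const char *order_example_zone(const uint32_t *draws, size_t ndraws,
                               char *out, size_t outlen)
{
    struct srv_rec zone[] = {
        { 10, 60, 1194, "server1.example.net" },
        { 10, 40, 1194, "server2.example.net" },
        { 10, 0, 1194, "server3.example.net" },
        { 20, 0, 443, "server4.example.net" },
    };
    struct scripted s = { draws, ndraws, 0 };
    size_t n = sizeof(zone) / sizeof(zone[0]), off = 0;

    srv_order(zone, n, scripted_rand, &s);
    out[0] = '\0';
    for (size_t i = 0; i < n && off < outlen; i++) {
        off += (size_t)snprintf(out + off, outlen - off, "%s%s:%u",
                                i ? " " : "", zone[i].target,
                                (unsigned)zone[i].port);
    }
    return out;
}

int main(void)
{
    const uint32_t draws[] = { 35, 40 };   /* constructed draws */
    char buf[256];
    puts(order_example_zone(draws, 2, buf, sizeof(buf)));
    return 0;
}
```

A draw of 0 is the only value that selects a weight-0 record ahead of weighted ones, which is the "very small chance" the message describes: one value out of sum + 1.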

Re: [Openvpn-devel] [ovpn-dco]

2021-01-13 Thread Antonio Quartulli
Also,

are you sure you are compiling the latest experimental branch?
HEAD is 2555e5595088991006e57a3ee447f356dffdca92

Regards,

On 13/01/2021 10:12, Antonio Quartulli wrote:
> Hi Tony,
> 
> thanks for the message.
> The experimental branch is still...experimental, so I expect more things
> to crash and fail miserably :-D
> 
> In any case, feel free to send a patch if you see how to fix the issue!
> It would be nice to have external contributions :-)
> 
> This said, I am not sure this is our bug - the sin6_addr member of
> struct sockaddr_in6 is of type struct sin6_addr:
> 
> https://elixir.bootlin.com/linux/v5.4/source/include/uapi/linux/in6.h#L54
> 
> And I believe it is widely known that an IPv6 address is 12 bytes, not 8..
> 
> Maybe it's a bug in the compiler?
> 
> Best Regards,
> 
> On 13/01/2021 10:03, Tony He wrote:
>> Sorry, clicked "send" button before adding subject and CC Openvpn-dev. I
>> will send a new mail.
>>
>> Tony He <mailto:huangy...@gmail.com> wrote on Wed, Jan 13, 2021 at 4:57 PM:
>>
>> Hi Antonio,
>>
>> I see you have pushed new commits to support multiple link to peers.
>> So I tried compiling, but encounter below error. My kernel version
>> is 5.4.0-54.
>>
>>
>>
>> tony-vm-2004% make
>> /project/openvpn/ovpn-dco.git/gen-compat-autoconf.sh
>> /project/openvpn/ovpn-dco.git/compat-autoconf.h
>> make -C /lib/modules/5.4.0-54-generic/build
>> M=/project/openvpn/ovpn-dco.git PWD=/project/openvpn/ovpn-dco.git
>> REVISION=2555e55 CONFIG_OVPN_DCO=m INSTALL_MOD_DIR=updates/
>> modules
>> make[1]: Entering directory
>> '/usr/src/linux-headers-5.4.0-54-generic'
>>   CC [M]  /project/openvpn/ovpn-dco.git/drivers/net/ovpn-dco/main.o
>>   CC [M]  /project/openvpn/ovpn-dco.git/drivers/net/ovpn-dco/bind.o
>>   CC [M]  /project/openvpn/ovpn-dco.git/drivers/net/ovpn-dco/crypto.o
>>   CC [M]  /project/openvpn/ovpn-dco.git/drivers/net/ovpn-dco/ovpn.o
>>   CC [M]  /project/openvpn/ovpn-dco.git/drivers/net/ovpn-dco/peer.o
>> In file included from ./include/linux/bitmap.h:9,
>>                  from ./include/linux/cpumask.h:12,
>>                  from ./arch/x86/include/asm/cpumask.h:5,
>>        
>>                  from ./arch/x86/include/asm/msr.h:11,              
>>                                                                    
>>                                                                    
>>      
>>                  from ./arch/x86/include/asm/processor.h:21,        
>>                                                                    
>>                                                                    
>>      
>>                  from ./arch/x86/include/asm/cpufeature.h:5,        
>>                                                                    
>>                                                                    
>>      
>>                  from ./arch/x86/include/asm/thread_info.h:53,      
>>                                                                    
>>                                  

Re: [Openvpn-devel] [ovpn-dco]

2021-01-13 Thread Antonio Quartulli
On 13/01/2021 10:12, Antonio Quartulli wrote:
> And I believe it is widely known that an IPv6 address is 12 bytes, not 8..

Sorry, I meant 16, not 12, but you get the point :-)

-- 
Antonio Quartulli




Re: [Openvpn-devel] [ovpn-dco]

2021-01-13 Thread Antonio Quartulli
Hi Tony,

thanks for the message.
The experimental branch is still...experimental, so I expect more things
to crash and fail miserably :-D

In any case, feel free to send a patch if you see how to fix the issue!
It would be nice to have external contributions :-)

This said, I am not sure this is our bug - the sin6_addr member of
struct sockaddr_in6 is of type struct sin6_addr:

https://elixir.bootlin.com/linux/v5.4/source/include/uapi/linux/in6.h#L54

And I believe it is widely known that an IPv6 address is 12 bytes, not 8..

Maybe it's a bug in the compiler?

Best Regards,

On 13/01/2021 10:03, Tony He wrote:
> Sorry, clicked "send" button before adding subject and CC Openvpn-dev. I
> will send a new mail.
> 
> Tony He <huangy...@gmail.com> wrote on Wed, Jan 13, 2021 at 4:57 PM:
>
> Hi Antonio,
>
> I see you have pushed new commits to support multiple links to peers.
> So I tried compiling, but encountered the error below. My kernel version
> is 5.4.0-54.
>
> tony-vm-2004% make
> /project/openvpn/ovpn-dco.git/gen-compat-autoconf.sh /project/openvpn/ovpn-dco.git/compat-autoconf.h
> make -C /lib/modules/5.4.0-54-generic/build M=/project/openvpn/ovpn-dco.git PWD=/project/openvpn/ovpn-dco.git REVISION=2555e55 CONFIG_OVPN_DCO=m INSTALL_MOD_DIR=updates/ modules
> make[1]: Entering directory '/usr/src/linux-headers-5.4.0-54-generic'
>   CC [M]  /project/openvpn/ovpn-dco.git/drivers/net/ovpn-dco/main.o
>   CC [M]  /project/openvpn/ovpn-dco.git/drivers/net/ovpn-dco/bind.o
>   CC [M]  /project/openvpn/ovpn-dco.git/drivers/net/ovpn-dco/crypto.o
>   CC [M]  /project/openvpn/ovpn-dco.git/drivers/net/ovpn-dco/ovpn.o
>   CC [M]  /project/openvpn/ovpn-dco.git/drivers/net/ovpn-dco/peer.o
> In file included from ./include/linux/bitmap.h:9,
>                  from ./include/linux/cpumask.h:12,
>                  from ./arch/x86/include/asm/cpumask.h:5,
>                  from ./arch/x86/include/asm/msr.h:11,
>                  from ./arch/x86/include/asm/processor.h:21,
>                  from ./arch/x86/include/asm/cpufeature.h:5,
>                  from ./arch/x86/include/asm/thread_info.h:53,
>                  from ./include/linux/thread_info.h:38,
>

Re: [Openvpn-devel] [ovpn-dco] compilation error in function ‘ovpn_peer_lookup_transp_addr’

2021-01-13 Thread Tony He
change the subject.

Tony He wrote on Wed, Jan 13, 2021 at 5:03 PM:

> Sorry, clicked "send" button before adding subject and CC Openvpn-dev. I
> will send a new mail.
>
> Tony He wrote on Wed, Jan 13, 2021 at 4:57 PM:
>
>> Hi Antonio,
>>
>> I see you have pushed new commits to support multiple links to peers. So I
>> tried compiling, but encountered the error below. My kernel version is 5.4.0-54.
>>
>> tony-vm-2004% make
>> /project/openvpn/ovpn-dco.git/gen-compat-autoconf.sh /project/openvpn/ovpn-dco.git/compat-autoconf.h
>> make -C /lib/modules/5.4.0-54-generic/build M=/project/openvpn/ovpn-dco.git PWD=/project/openvpn/ovpn-dco.git REVISION=2555e55 CONFIG_OVPN_DCO=m INSTALL_MOD_DIR=updates/ modules
>> make[1]: Entering directory '/usr/src/linux-headers-5.4.0-54-generic'
>>   CC [M]  /project/openvpn/ovpn-dco.git/drivers/net/ovpn-dco/main.o
>>   CC [M]  /project/openvpn/ovpn-dco.git/drivers/net/ovpn-dco/bind.o
>>   CC [M]  /project/openvpn/ovpn-dco.git/drivers/net/ovpn-dco/crypto.o
>>   CC [M]  /project/openvpn/ovpn-dco.git/drivers/net/ovpn-dco/ovpn.o
>>   CC [M]  /project/openvpn/ovpn-dco.git/drivers/net/ovpn-dco/peer.o
>> In file included from ./include/linux/bitmap.h:9,
>>                  from ./include/linux/cpumask.h:12,
>>                  from ./arch/x86/include/asm/cpumask.h:5,
>>                  from ./arch/x86/include/asm/msr.h:11,
>>                  from ./arch/x86/include/asm/processor.h:21,
>>                  from ./arch/x86/include/asm/cpufeature.h:5,
>>                  from ./arch/x86/include/asm/thread_info.h:53,
>>                  from ./include/linux/thread_info.h:38,
>>                  from ./arch/x86/include/asm/preempt.h:7,
>>                  from ./include/linux/preempt.h:78,
>>                  from ./include/linux/spinlock.h:51,
>>                  from ./include/linux/seqlock.h:36,
>>                  from ./include/linux/time.h:6,
>>                  from ./include/linux/ktime.h:24,
>>                  from ./include/linux/timer.h:6,
>>                  from ./include/linux/netdevice.h:24,
>>                  from /project/openvpn/ovpn-dco.git/linux-compat.h:20,
>>                  from :
>> In function ‘memcmp’,
>> inlined from ‘ovpn_peer_lookup_transp_addr’ at
>> /project/openvpn/ovpn-dco.git/drivers/net/ovpn-dco/peer.c:457:8:
>> ./include/linux/string.h:440:4: error: call to ‘__read_overflow’ declared
>> with attribute error: detected read beyond size of object passed as 1st
>> parameter
>>   440 |__read_overflow();
>>   |^
>> make[3]: *** [scripts/Makefile.build:275:
>> /project/openvpn/ovpn-dco.git/drivers/net/ovpn-dco/peer.o] Error 1
>> make[2]: *** [scripts/Makefile.build:522:
>> /project/openvpn/ovpn-dco.git/drivers/net/ovpn-dco] Error 2
>> make[1]: *** [Makefile:1757: /project/openvpn/ovpn-dco.git] Error 2
>> make[1]: Leaving directory '/usr/src/linux-headers-5.4.0-54-generic'
>> make: *** [Makefile:46: all] Error 2
>>
>> Function memcmp
>> in /usr/src/linux-headers-5.4.0-54-generic/include/linux/string.h.
>> 434 __FORTIFY_INLINE int memcmp(const void *p, const void *q, __kernel_size_t size)
>> 435 {
>> 436     size_t p_size = __builtin_object_size(p, 0);
>> 437     size_t q_size = __builtin_object_size(q, 0);
>> 438     if (__builtin_constant_p(size)) {
>> 439         if (p_size < size)
>> 440             __read_overflow();
>> 441         if (q_size < size)
>> 442             __read_overflow2();
>> 443     }
>> 444     if (p_size < size || q_size < size)
>> 445         fortify_panic(__func__);
>> 446     return __underlying_memcmp(p, q, size);
>> 447 }
>>
>> Seems that p_size is 8 in above memcmp function because if I change your
>> code as below, then it's OK (9 causes same error).
>> 456     case AF_INET6:
>> 457         if (memcmp((void *)&sa6->sin6_addr, (void *)&bind->sa.in6.sin6_addr,
>> 458         //         sizeof(struct in6_addr)))
>> 459                    8))
>> 460             break;
>>
>> Tony
>>
>
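Added example (not part of the thread and not ovpn-dco code): a user-space C program showing why the compare quoted above passes with a length of 8 and fails with 9 or sizeof(struct in6_addr) once the object behind sa6 is too small. It assumes, for illustration only, that sa6 pointed into a 16-byte struct sockaddr_in; the names small_obj, bound_addr, checked_memcmp and lookup_compare are hypothetical, and -2 stands in for fortify_panic().

```c
#include <netinet/in.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* ASSUMPTION (constructed): sa6 points into a 16-byte struct sockaddr_in.
 * The thread only says the object behind sa6 was too small. */
static struct sockaddr_in small_obj;
static struct sockaddr_in6 bound_addr;  /* stands in for bind->sa.in6 */

#define ADDR6_OFF offsetof(struct sockaddr_in6, sin6_addr)

/* Bytes left in small_obj from the sin6_addr offset, from the layout. */
size_t remaining_by_layout(void)
{
    return sizeof(small_obj) - ADDR6_OFF;
}

/* Same quantity as the compiler reports it (mode 0, as in the kernel
 * header); (size_t)-1 means the compiler could not determine it. */
size_t remaining_by_builtin(void)
{
    return __builtin_object_size(
        &((struct sockaddr_in6 *)&small_obj)->sin6_addr, 0);
}

/* Run-time half of the fortified memcmp, with object sizes passed in.
 * Returns -2 where the kernel would call fortify_panic(), else 0 for
 * equal and 1 for different. */
int checked_memcmp(const void *p, size_t p_size,
                   const void *q, size_t q_size, size_t size)
{
    if (p_size < size || q_size < size)
        return -2;
    return memcmp(p, q, size) != 0;
}

/* The compare from peer.c line 457, n bytes long, on the small object. */
int lookup_compare(size_t n)
{
    const char *p = (const char *)&small_obj + ADDR6_OFF;
    return checked_memcmp(p, remaining_by_layout(),
                          &bound_addr.sin6_addr,
                          sizeof(bound_addr) - ADDR6_OFF, n);
}

int main(void)
{
    printf("remaining: layout=%zu builtin=%zu\n",
           remaining_by_layout(), remaining_by_builtin());
    printf("n=8 -> %d, n=9 -> %d, n=16 -> %d\n",
           lookup_compare(8), lookup_compare(9), lookup_compare(16));
    return 0;
}
```

In the kernel the length is a compile-time constant, so the same comparison is rejected at build time through __read_overflow() instead of at run time.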


Re: [Openvpn-devel] [ovpn-dco]

2021-01-13 Thread Tony He
Sorry, clicked "send" button before adding subject and CC Openvpn-dev. I
will send a new mail.

Tony He wrote on Wed, Jan 13, 2021 at 4:57 PM:

> Hi Antonio,
>
> I see you have pushed new commits to support multiple links to peers. So I
> tried compiling, but encountered the error below. My kernel version is 5.4.0-54.
>
> tony-vm-2004% make
> /project/openvpn/ovpn-dco.git/gen-compat-autoconf.sh /project/openvpn/ovpn-dco.git/compat-autoconf.h
> make -C /lib/modules/5.4.0-54-generic/build M=/project/openvpn/ovpn-dco.git PWD=/project/openvpn/ovpn-dco.git REVISION=2555e55 CONFIG_OVPN_DCO=m INSTALL_MOD_DIR=updates/ modules
> make[1]: Entering directory '/usr/src/linux-headers-5.4.0-54-generic'
>   CC [M]  /project/openvpn/ovpn-dco.git/drivers/net/ovpn-dco/main.o
>   CC [M]  /project/openvpn/ovpn-dco.git/drivers/net/ovpn-dco/bind.o
>   CC [M]  /project/openvpn/ovpn-dco.git/drivers/net/ovpn-dco/crypto.o
>   CC [M]  /project/openvpn/ovpn-dco.git/drivers/net/ovpn-dco/ovpn.o
>   CC [M]  /project/openvpn/ovpn-dco.git/drivers/net/ovpn-dco/peer.o
> In file included from ./include/linux/bitmap.h:9,
>                  from ./include/linux/cpumask.h:12,
>                  from ./arch/x86/include/asm/cpumask.h:5,
>                  from ./arch/x86/include/asm/msr.h:11,
>                  from ./arch/x86/include/asm/processor.h:21,
>                  from ./arch/x86/include/asm/cpufeature.h:5,
>                  from ./arch/x86/include/asm/thread_info.h:53,
>                  from ./include/linux/thread_info.h:38,
>                  from ./arch/x86/include/asm/preempt.h:7,
>                  from ./include/linux/preempt.h:78,
>                  from ./include/linux/spinlock.h:51,
>                  from ./include/linux/seqlock.h:36,
>                  from ./include/linux/time.h:6,
>                  from ./include/linux/ktime.h:24,
>                  from ./include/linux/timer.h:6,
>                  from ./include/linux/netdevice.h:24,
>                  from /project/openvpn/ovpn-dco.git/linux-compat.h:20,
>                  from :
> In function ‘memcmp’,
> inlined from ‘ovpn_peer_lookup_transp_addr’ at
> /project/openvpn/ovpn-dco.git/drivers/net/ovpn-dco/peer.c:457:8:
> ./include/linux/string.h:440:4: error: call to ‘__read_overflow’ declared
> with attribute error: detected read beyond size of object passed as 1st
> parameter
>   440 |__read_overflow();
>   |^
> make[3]: *** [scripts/Makefile.build:275:
> /project/openvpn/ovpn-dco.git/drivers/net/ovpn-dco/peer.o] Error 1
> make[2]: *** [scripts/Makefile.build:522:
> /project/openvpn/ovpn-dco.git/drivers/net/ovpn-dco] Error 2
> make[1]: *** [Makefile:1757: /project/openvpn/ovpn-dco.git] Error 2
> make[1]: Leaving directory '/usr/src/linux-headers-5.4.0-54-generic'
> make: *** [Makefile:46: all] Error 2
>
> Function memcmp
> in /usr/src/linux-headers-5.4.0-54-generic/include/linux/string.h.
> 434 __FORTIFY_INLINE int memcmp(const void *p, const void *q, __kernel_size_t size)
> 435 {
> 436     size_t p_size = __builtin_object_size(p, 0);
> 437     size_t q_size = __builtin_object_size(q, 0);
> 438     if (__builtin_constant_p(size)) {
> 439         if (p_size < size)
> 440             __read_overflow();
> 441         if (q_size < size)
> 442             __read_overflow2();
> 443     }
> 444     if (p_size < size || q_size < size)
> 445         fortify_panic(__func__);
> 446     return __underlying_memcmp(p, q, size);
> 447 }
>
> Seems that p_size is 8 in above memcmp function because if I change your
> code as below, then it's OK (9 causes same error).
> 456     case AF_INET6:
> 457         if (memcmp((void *)&sa6->sin6_addr, (void *)&bind->sa.in6.sin6_addr,
> 458         //         sizeof(struct in6_addr)))
> 459                    8))
> 460             break;
>
> Tony
>