[Openvpn-devel] [L] Change in openvpn[master]: Implement support for larger packet counter sizes
Attention is currently required from: plaisthos. stipa has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/507?usp=email ) Change subject: Implement support for larger packet counter sizes .. Patch Set 6: (1 comment) File src/openvpn/init.c: http://gerrit.openvpn.net/c/openvpn/+/507/comment/0ded24fc_f7a6d46d : PS6, Line 2702: msg(D_PUSH_ERRORS, "OPTIONS ERROR: Aead tag at the end and 64 bit" missing space after "bit" -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/507?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I01e258e97351b5aa4b9e561f5b35ddc2318569e2 Gerrit-Change-Number: 507 Gerrit-PatchSet: 6 Gerrit-Owner: plaisthos Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: stipa Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Comment-Date: Thu, 01 Aug 2024 11:57:59 + Gerrit-HasComments: Yes Gerrit-Has-Labels: No Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [L] Change in openvpn[master]: Implement support for larger packet counter sizes
Attention is currently required from: plaisthos. stipa has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/507?usp=email ) Change subject: Implement support for larger packet counter sizes .. Patch Set 6: Code-Review+1 (6 comments) Patchset: PS6: A few minor comments, otherwise LGTM File src/openvpn/crypto.c: http://gerrit.openvpn.net/c/openvpn/+/507/comment/057e647e_235cce26 : PS6, Line 364: openvpn_decrypt_aead(struct buffer *buf, struct buffer work, Is it so that for DATA_V1: ad_start points to packet_id and for DATA_V2: ad_start points to opcode/peer-id ? File src/openvpn/init.c: http://gerrit.openvpn.net/c/openvpn/+/507/comment/68137a62_4480a3d5 : PS6, Line 2696: /* Ensure that for proto v3 is enabled fully or not at all */ Ensure that both aead_tag_end and long_pkt_id are enabled for DATA_V3 ? File src/openvpn/ssl.c: http://gerrit.openvpn.net/c/openvpn/+/507/comment/758ca11c_70a5b728 : PS6, Line 1528: impl_iv_len = cipher_ctx_iv_length(ctx->cipher) - packet_id_size(longiv); why not move declaration of impl_iv_len here? File src/openvpn/ssl_common.h: http://gerrit.openvpn.net/c/openvpn/+/507/comment/e1373829_32fe9ec0 : PS6, Line 314: bool disable_occ; this looks like an unrelated change http://gerrit.openvpn.net/c/openvpn/+/507/comment/b333e775_ad0af8c2 : PS6, Line 493: int limit_next; /* used for traffic shaping on the control channel */ ditto -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/507?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I01e258e97351b5aa4b9e561f5b35ddc2318569e2 Gerrit-Change-Number: 507 Gerrit-PatchSet: 6 Gerrit-Owner: plaisthos Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: stipa Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Comment-Date: Wed, 31 Jul 2024 14:12:10 + Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [M] Change in openvpn[master]: Implement support for AEAD tag at the end
Attention is currently required from: plaisthos, syzzer. stipa has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/506?usp=email ) Change subject: Implement support for AEAD tag at the end .. Patch Set 6: Code-Review+1 (2 comments) Patchset: PS6: Apart from one comment-related nit-pick, I couldn't find anything wrong. I am planning to test this soonish with dco-win + data_v3. File tests/unit_tests/openvpn/test_ssl.c: http://gerrit.openvpn.net/c/openvpn/+/506/comment/747528fe_47ac025e : PS6, Line 268: /* This adds a few more methods than strictly necessary but this allows "that strictly necessary" or "that are not strictly necessary" ? -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/506?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I00821d75342daf3f813b829812d648fe298bea81 Gerrit-Change-Number: 506 Gerrit-PatchSet: 6 Gerrit-Owner: plaisthos Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: stipa Gerrit-Reviewer: syzzer Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: syzzer Gerrit-Comment-Date: Wed, 31 Jul 2024 11:42:16 + Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [M] Change in openvpn[master]: Ensures all params are ready before invoking dco_set_peer()
Attention is currently required from: flichtenheld, its_Giaan, plaisthos. stipa has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/587?usp=email ) Change subject: Ensures all params are ready before invoking dco_set_peer() .. Patch Set 5: Code-Review+2 -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/587?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ic8538e734dba53cd43fead3961e4401c8037e079 Gerrit-Change-Number: 587 Gerrit-PatchSet: 5 Gerrit-Owner: its_Giaan Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-Reviewer: stipa Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: its_Giaan Gerrit-Attention: flichtenheld Gerrit-Comment-Date: Wed, 24 Jul 2024 15:53:20 + Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [M] Change in openvpn[master]: Ensures all params are ready before invoking dco_set_peer()
Attention is currently required from: flichtenheld, its_Giaan, plaisthos. stipa has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/587?usp=email ) Change subject: Ensures all params are ready before invoking dco_set_peer() .. Patch Set 5: Code-Review-1 (1 comment) File src/openvpn/init.c: http://gerrit.openvpn.net/c/openvpn/+/587/comment/be9fd53e_44557d0b : PS5, Line 2180: I think this will break pure P2P mode. See https://github.com/OpenVPN/openvpn/commit/7c66a6dab54d8efcde57c8fb562f95d95f9b18d4 -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/587?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ic8538e734dba53cd43fead3961e4401c8037e079 Gerrit-Change-Number: 587 Gerrit-PatchSet: 5 Gerrit-Owner: its_Giaan Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-Reviewer: stipa Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: its_Giaan Gerrit-Attention: flichtenheld Gerrit-Comment-Date: Wed, 24 Jul 2024 15:18:56 + Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [M] Change in openvpn[master]: Ensures all params are ready before invoking dco_set_peer()
Attention is currently required from: its_Giaan, plaisthos. stipa has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/587?usp=email ) Change subject: Ensures all params are ready before invoking dco_set_peer() .. Patch Set 4: Code-Review-1 (1 comment) Patchset: PS4: Please note that in case of (Windows) client dco_set_peer() is now calling twice. Once, as before, in do_up()->p2p_set_dco_keepalive() and another one in do_up()->do_deferred_options_part2()->tls_session_update_crypto_params() Is the problem solved by this patch is server-specific? Maybe ensure that dco_set_peer() call inside do_deferred_p2p_ncp() is called only for server? Note that existing code also works in P2P without --pull. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/587?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ic8538e734dba53cd43fead3961e4401c8037e079 Gerrit-Change-Number: 587 Gerrit-PatchSet: 4 Gerrit-Owner: its_Giaan Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-Reviewer: stipa Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: its_Giaan Gerrit-Comment-Date: Wed, 24 Jul 2024 11:15:00 + Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [L] Change in openvpn[master]: Windows: enforce 'block-local' with WFP filters
Attention is currently required from: d12fk, flichtenheld, plaisthos. stipa has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/489?usp=email ) Change subject: Windows: enforce 'block-local' with WFP filters .. Patch Set 6: Code-Review+1 (1 comment) Patchset: PS6: Looks good to me. I did some testing and found out that: 1) "block-local" also blocks traffic to the remote except by openvpn proces - which is somewhat expected since we are supposed to block everything not going into VPN. 2) If there is a direct route to the remote, openvpn thinks that this is on local network, and thus disables block-local functionality. I don't think this is expected, but this part is outside of scope of this patch. We could resolve (2) later. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/489?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ic9bf797bfc7e2d471998a84cb0f071db3e4832ba Gerrit-Change-Number: 489 Gerrit-PatchSet: 6 Gerrit-Owner: d12fk Gerrit-Reviewer: cron2 Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-Reviewer: stipa Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: flichtenheld Gerrit-Attention: d12fk Gerrit-Comment-Date: Wed, 05 Jun 2024 14:48:54 + Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: misc.c: remove unused code
Attention is currently required from: flichtenheld, plaisthos.
Hello plaisthos, flichtenheld,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/550?usp=email
to review the following change.
Change subject: misc.c: remove unused code
..
misc.c: remove unused code
Commit
3a4fb1 "Ensure --auth-nocache is handled during renegotiation"
has changed the behavior of set_auth_token(), but left unused parameter
struct user_pass *up
Remove this parameter and amend comments accordingly. Also remove
unused function definition from misc.h.
Signed-off-by: Lev Stipakov
Change-Id: Ic440f2c8d46dfcb5ff41ba2f33bf28bb7286eec4
---
M src/openvpn/misc.c
M src/openvpn/misc.h
M src/openvpn/ssl.c
3 files changed, 5 insertions(+), 17 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/50/550/1
diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
index 3ff0857..598fbae 100644
--- a/src/openvpn/misc.c
+++ b/src/openvpn/misc.c
@@ -491,19 +491,15 @@
}
void
-set_auth_token(struct user_pass *up, struct user_pass *tk, const char *token)
+set_auth_token(struct user_pass *tk, const char *token)
{
-
if (strlen(token))
{
strncpynt(tk->password, token, USER_PASS_LEN);
tk->token_defined = true;
/*
- * --auth-token has no username, so it needs the username
- * either already set or copied from up, or later set by
- * --auth-token-user
- * If already set, tk is fully defined.
+ * If username already set, tk is fully defined.
*/
if (strlen(tk->username))
{
diff --git a/src/openvpn/misc.h b/src/openvpn/misc.h
index cb3bf68..963f3e6 100644
--- a/src/openvpn/misc.h
+++ b/src/openvpn/misc.h
@@ -152,26 +152,18 @@
return get_user_pass_cr(up, auth_file, prefix, flags, NULL);
}
-void fail_user_pass(const char *prefix,
-const unsigned int flags,
-const char *reason);
-
void purge_user_pass(struct user_pass *up, const bool force);
/**
- * Sets the auth-token to token. If a username is available from
- * either up or already present in tk that will be used as default
- * username for the token. The method will also purge up if
+ * Sets the auth-token to token. The method will also purge up if
* the auth-nocache option is active.
*
- * @param up(non Auth-token) Username/password
* @param tkauth-token userpass to set
* @param token token to use as password for the auth-token
*
* @noteall parameters to this function must not be null.
*/
-void set_auth_token(struct user_pass *up, struct user_pass *tk,
-const char *token);
+void set_auth_token(struct user_pass *tk, const char *token);
/**
* Sets the auth-token username by base64 decoding the passed
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 7895a37..7c49451 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -340,7 +340,7 @@
void
ssl_set_auth_token(const char *token)
{
-set_auth_token(_user_pass, _token, token);
+set_auth_token(_token, token);
}
void
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/550?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: Ic440f2c8d46dfcb5ff41ba2f33bf28bb7286eec4
Gerrit-Change-Number: 550
Gerrit-PatchSet: 1
Gerrit-Owner: stipa
Gerrit-Reviewer: flichtenheld
Gerrit-Reviewer: plaisthos
Gerrit-CC: openvpn-devel
Gerrit-Attention: plaisthos
Gerrit-Attention: flichtenheld
Gerrit-MessageType: newchange
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: Disable DCO if proxy is set via management
Attention is currently required from: flichtenheld, plaisthos.
Hello plaisthos, flichtenheld,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/543?usp=email
to review the following change.
Change subject: Disable DCO if proxy is set via management
..
Disable DCO if proxy is set via management
Commit
45a1cb2a ("Disable DCO if proxy is set via management")
attempted to disable DCO when proxy is set via management interface. However,
at least on Windows this doesn't work, since:
- setting tuntap_options->disable_dco to true is not enough to disable DCO
- at this point it is a bit too late, since we've already done DCO-specific
adjustments
Since proxy could be set via management only if --management-query-proxy is
specified,
the better way would be to add a check to dco_check_startup_option().
Github: fixes OpenVPN/openvpn#522
Change-Id: I16d6a9fefa317d7d4a195e786618328445bdbca8
Signed-off-by: Lev Stipakov
---
M src/openvpn/dco.c
M src/openvpn/init.c
2 files changed, 6 insertions(+), 6 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/43/543/1
diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
index 14430d3..540b5a8 100644
--- a/src/openvpn/dco.c
+++ b/src/openvpn/dco.c
@@ -387,6 +387,12 @@
return false;
}
+if (o->management_flags & MF_QUERY_PROXY)
+{
+msg(msglevel, "Note: --management-query-proxy disables data channel
offload.");
+return false;
+}
+
/* now that all options have been confirmed to be supported, check
* if DCO is truly available on the system
*/
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 52b3931..6a3040f 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -221,12 +221,6 @@
}
else if (p[2] && p[3])
{
-if (dco_enabled(>options))
-{
-msg(M_INFO, "Proxy set via management, disabling Data Channel
Offload.");
-c->options.tuntap_options.disable_dco = true;
-}
-
if (streq(p[1], "HTTP"))
{
struct http_proxy_options *ho;
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/543?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I16d6a9fefa317d7d4a195e786618328445bdbca8
Gerrit-Change-Number: 543
Gerrit-PatchSet: 1
Gerrit-Owner: stipa
Gerrit-Reviewer: flichtenheld
Gerrit-Reviewer: plaisthos
Gerrit-CC: openvpn-devel
Gerrit-Attention: plaisthos
Gerrit-Attention: flichtenheld
Gerrit-MessageType: newchange
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [XS] Change in openvpn[master]: CMakeLists.txt: Don't fail on missing compile_commands.json
stipa has abandoned this change. ( http://gerrit.openvpn.net/c/openvpn/+/495?usp=email ) Change subject: CMakeLists.txt: Don't fail on missing compile_commands.json .. Abandoned Original patch has been reworked and this workaround is not needed. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/495?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ic19f859c3aca8b30aa51b12dcb906a6e7e735019 Gerrit-Change-Number: 495 Gerrit-PatchSet: 3 Gerrit-Owner: stipa Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-MessageType: abandon ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [M] Change in openvpn[master]: cmake: symlink whole build dir not just .json file
Attention is currently required from: d12fk, flichtenheld, plaisthos. stipa has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/501?usp=email ) Change subject: cmake: symlink whole build dir not just .json file .. Patch Set 1: Code-Review+1 (1 comment) Patchset: PS1: I have built and tested Windows part, so someone may want to look at autotools. Looks good: - by default, nothing has changed - when ENABLE_COMPILE_COMMANDS is set and VS is running under Administrator, "build" symlink is created - when ENABLE_COMPILE_COMMANDS is set and VS is not running under Administrator, build fails as expected because Windows doesn't allow to create symlinks for normal users -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/501?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ib1a5c788269949d8de95d1da2cb0c32a65bf13f2 Gerrit-Change-Number: 501 Gerrit-PatchSet: 1 Gerrit-Owner: d12fk Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-Reviewer: stipa Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: flichtenheld Gerrit-Attention: d12fk Gerrit-Comment-Date: Wed, 17 Jan 2024 09:23:58 + Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [L] Change in openvpn[master]: Windows: enforce 'block-local' with WFP filters
Attention is currently required from: cron2, d12fk, plaisthos. stipa has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/489?usp=email ) Change subject: Windows: enforce 'block-local' with WFP filters .. Patch Set 5: (1 comment) Patchset: PS5: Looks good to me. I have compiled it with MSVC and tested following scenarios (with server pushing block-local) - access to LAN is blocked (got "general failure" when pinging local gateway) - traffic to VPN gateway is blocked expect from VPN process (got "general failure" when pinging VPN gateway via its public IP) -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/489?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ic9bf797bfc7e2d471998a84cb0f071db3e4832ba Gerrit-Change-Number: 489 Gerrit-PatchSet: 5 Gerrit-Owner: d12fk Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-Reviewer: stipa Gerrit-CC: cron2 Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: cron2 Gerrit-Attention: d12fk Gerrit-Comment-Date: Wed, 17 Jan 2024 09:05:02 + Gerrit-HasComments: Yes Gerrit-Has-Labels: No Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [L] Change in openvpn[master]: Windows: enforce 'block-local' with WFP filters
Attention is currently required from: cron2, d12fk, plaisthos. stipa has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/489?usp=email ) Change subject: Windows: enforce 'block-local' with WFP filters .. Patch Set 5: Code-Review+2 (2 comments) File include/openvpn-msg.h: http://gerrit.openvpn.net/c/openvpn/+/489/comment/d1fb891c_bb0bba56 : PS4, Line 27: #include > They define some types used in the header. […] Acknowledged File src/openvpn/win32.h: http://gerrit.openvpn.net/c/openvpn/+/489/comment/e3203291_cfd5bef9 : PS4, Line 28: #include > They define some types used in the header. […] Acknowledged -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/489?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ic9bf797bfc7e2d471998a84cb0f071db3e4832ba Gerrit-Change-Number: 489 Gerrit-PatchSet: 5 Gerrit-Owner: d12fk Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-Reviewer: stipa Gerrit-CC: cron2 Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: cron2 Gerrit-Attention: d12fk Gerrit-Comment-Date: Wed, 17 Jan 2024 08:56:03 + Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Comment-In-Reply-To: d12fk Comment-In-Reply-To: stipa Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [XS] Change in openvpn[master]: CMakeLists.txt: Don't fail on missing compile_commands.json
Attention is currently required from: flichtenheld, plaisthos, stipa.
Hello flichtenheld, plaisthos,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/495?usp=email
to look at the new patch set (#3).
The following approvals got outdated and were removed:
Code-Review-1 by flichtenheld
Change subject: CMakeLists.txt: Don't fail on missing compile_commands.json
..
CMakeLists.txt: Don't fail on missing compile_commands.json
Creating symlinks on Windows by default requires an elevated prompt,
which is not normally the case (but it turned out is the case for GHA).
Without elevated prompt this fails the build. Fix by make symlink creation
non-fatal by providing variable to store result.
Since CMAKE_EXPORT_COMPILE_COMMANDS works only on Ninja and
Makefile generators and doesn't produce anything on MSVC,
the symlink is useless in this case anyway.
Change-Id: Ic19f859c3aca8b30aa51b12dcb906a6e7e735019
Signed-off-by: Lev Stipakov
---
M CMakeLists.txt
1 file changed, 1 insertion(+), 1 deletion(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/95/495/3
diff --git a/CMakeLists.txt b/CMakeLists.txt
index bc46c27..5c6fff0 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -45,7 +45,7 @@
# Create machine readable compile commands
set(CMAKE_EXPORT_COMPILE_COMMANDS 1)
file(CREATE_LINK ${CMAKE_CURRENT_BINARY_DIR}/compile_commands.json
- ${CMAKE_CURRENT_SOURCE_DIR}/compile_commands.json SYMBOLIC)
+ ${CMAKE_CURRENT_SOURCE_DIR}/compile_commands.json RESULT
COMPILE_COMMANDS_CREATED SYMBOLIC)
# AddressSanitize - use CXX=clang++ CC=clang cmake -DCMAKE_BUILD_TYPE=asan to
build with ASAN
set(CMAKE_C_FLAGS_ASAN
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/495?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: Ic19f859c3aca8b30aa51b12dcb906a6e7e735019
Gerrit-Change-Number: 495
Gerrit-PatchSet: 3
Gerrit-Owner: stipa
Gerrit-Reviewer: flichtenheld
Gerrit-Reviewer: plaisthos
Gerrit-CC: openvpn-devel
Gerrit-Attention: plaisthos
Gerrit-Attention: flichtenheld
Gerrit-Attention: stipa
Gerrit-MessageType: newpatchset
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [XS] Change in openvpn[master]: CMakeLists.txt: Don't fail on missing compile_commands.json
Attention is currently required from: flichtenheld, plaisthos.
Hello flichtenheld, plaisthos,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/495?usp=email
to look at the new patch set (#2).
The following approvals got outdated and were removed:
Code-Review-1 by flichtenheld
Change subject: CMakeLists.txt: Don't fail on missing compile_commands.json
..
CMakeLists.txt: Don't fail on missing compile_commands.json
Commit
855030f3 ("cmake: create and link compile_commands.json file")
added creation of compile commands file and a symbolic link to it.
There a two issues:
- CMAKE_EXPORT_COMPILE_COMMANDS works only on Ninja and Makefile
generators and doesn't produce anything on MSVC.
- creating symlink on Windows by default requires an elevated prompt,
which is not normally the case (but it turned out is the case for GHA).
Without elevated prompt this fails the build.
Fix by make symlink creation non-fatal by providing variable
to store result.
Change-Id: Ic19f859c3aca8b30aa51b12dcb906a6e7e735019
Signed-off-by: Lev Stipakov
---
M CMakeLists.txt
1 file changed, 1 insertion(+), 1 deletion(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/95/495/2
diff --git a/CMakeLists.txt b/CMakeLists.txt
index bc46c27..5c6fff0 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -45,7 +45,7 @@
# Create machine readable compile commands
set(CMAKE_EXPORT_COMPILE_COMMANDS 1)
file(CREATE_LINK ${CMAKE_CURRENT_BINARY_DIR}/compile_commands.json
- ${CMAKE_CURRENT_SOURCE_DIR}/compile_commands.json SYMBOLIC)
+ ${CMAKE_CURRENT_SOURCE_DIR}/compile_commands.json RESULT
COMPILE_COMMANDS_CREATED SYMBOLIC)
# AddressSanitize - use CXX=clang++ CC=clang cmake -DCMAKE_BUILD_TYPE=asan to
build with ASAN
set(CMAKE_C_FLAGS_ASAN
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/495?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: Ic19f859c3aca8b30aa51b12dcb906a6e7e735019
Gerrit-Change-Number: 495
Gerrit-PatchSet: 2
Gerrit-Owner: stipa
Gerrit-Reviewer: flichtenheld
Gerrit-Reviewer: plaisthos
Gerrit-CC: openvpn-devel
Gerrit-Attention: plaisthos
Gerrit-Attention: flichtenheld
Gerrit-MessageType: newpatchset
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [XS] Change in openvpn[master]: CMakeLists.txt: Don't fail on missing compile_commands.json
Attention is currently required from: flichtenheld, plaisthos. stipa has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/495?usp=email ) Change subject: CMakeLists.txt: Don't fail on missing compile_commands.json .. Patch Set 1: (1 comment) Patchset: PS1: > As discussed on IRC: I really would like to understand and document WHY this > patch is needed. […] I got the same error when running CMake from CMD: https://gist.githubusercontent.com/lstipakov/3c87a0d4c5eeb0ce7c91645171814221/raw/e25fe78607eeb6e0fda4225271e7c248f51e6e81/gistfile1.txt (the error messages translates to "user doesn't have required permissions") -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/495?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ic19f859c3aca8b30aa51b12dcb906a6e7e735019 Gerrit-Change-Number: 495 Gerrit-PatchSet: 1 Gerrit-Owner: stipa Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: flichtenheld Gerrit-Comment-Date: Fri, 12 Jan 2024 11:04:34 + Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: flichtenheld Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [XS] Change in openvpn[master]: CMakeLists.txt: Don't fail on missing compile_commands.json
Attention is currently required from: flichtenheld, plaisthos.
Hello plaisthos, flichtenheld,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/495?usp=email
to review the following change.
Change subject: CMakeLists.txt: Don't fail on missing compile_commands.json
..
CMakeLists.txt: Don't fail on missing compile_commands.json
CMAKE_EXPORT_COMPILE_COMMANDS works only on Ninja and Makefile
generators and doesn't produce anything on MSVC.
Due to that, creating symlink for it fails for me.
Fix by make symlink creation non-fatal by providing variable
to store result.
Change-Id: Ic19f859c3aca8b30aa51b12dcb906a6e7e735019
Signed-off-by: Lev Stipakov
---
M CMakeLists.txt
1 file changed, 1 insertion(+), 1 deletion(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/95/495/1
diff --git a/CMakeLists.txt b/CMakeLists.txt
index bc46c27..5c6fff0 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -45,7 +45,7 @@
# Create machine readable compile commands
set(CMAKE_EXPORT_COMPILE_COMMANDS 1)
file(CREATE_LINK ${CMAKE_CURRENT_BINARY_DIR}/compile_commands.json
- ${CMAKE_CURRENT_SOURCE_DIR}/compile_commands.json SYMBOLIC)
+ ${CMAKE_CURRENT_SOURCE_DIR}/compile_commands.json RESULT
COMPILE_COMMANDS_CREATED SYMBOLIC)
# AddressSanitize - use CXX=clang++ CC=clang cmake -DCMAKE_BUILD_TYPE=asan to
build with ASAN
set(CMAKE_C_FLAGS_ASAN
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/495?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: Ic19f859c3aca8b30aa51b12dcb906a6e7e735019
Gerrit-Change-Number: 495
Gerrit-PatchSet: 1
Gerrit-Owner: stipa
Gerrit-Reviewer: flichtenheld
Gerrit-Reviewer: plaisthos
Gerrit-CC: openvpn-devel
Gerrit-Attention: plaisthos
Gerrit-Attention: flichtenheld
Gerrit-MessageType: newchange
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [L] Change in openvpn[master]: Windows: enforce 'block-local' with WFP filters
Attention is currently required from: cron2, d12fk, flichtenheld, plaisthos. stipa has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/489?usp=email ) Change subject: Windows: enforce 'block-local' with WFP filters .. Patch Set 4: (5 comments) File include/openvpn-msg.h: http://gerrit.openvpn.net/c/openvpn/+/489/comment/b79b7779_628d912d : PS4, Line 27: #include why those are needed here? File src/openvpn/route.c: http://gerrit.openvpn.net/c/openvpn/+/489/comment/e376b80f_a07c08de : PS4, Line 621: do_block_local(const struct route_list *rl) since this function doesn't really do any blocking and only check options, maybe rename to "is_block_local_needed()" ? File src/openvpn/wfp_block.c: http://gerrit.openvpn.net/c/openvpn/+/489/comment/98a45da8_a4f2c958 : PS4, Line 310: /* Fifth filter. Permit IPv4 for the VPN interface. Permit DNS or all IPv4 traffic for the VPN interface? http://gerrit.openvpn.net/c/openvpn/+/489/comment/d9207c40_fa180f47 : PS4, Line 327: /* Sixth filter. Permit IPv6 for the VPN interface. Same as above - Permit DNS or all IPv6 traffic for the VPN interface? File src/openvpn/win32.h: http://gerrit.openvpn.net/c/openvpn/+/489/comment/55c79df7_1e0f8209 : PS4, Line 28: #include why those changes? -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/489?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ic9bf797bfc7e2d471998a84cb0f071db3e4832ba Gerrit-Change-Number: 489 Gerrit-PatchSet: 4 Gerrit-Owner: d12fk Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: cron2 Gerrit-CC: openvpn-devel Gerrit-CC: stipa Gerrit-Attention: plaisthos Gerrit-Attention: cron2 Gerrit-Attention: flichtenheld Gerrit-Attention: d12fk Gerrit-Comment-Date: Wed, 10 Jan 2024 10:16:58 + Gerrit-HasComments: Yes Gerrit-Has-Labels: No Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: tun.c: don't attempt to delete DNS and WINS servers if they're not set
Attention is currently required from: flichtenheld, plaisthos, stipa.
Hello flichtenheld, plaisthos,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/482?usp=email
to look at the new patch set (#2).
The following approvals got outdated and were removed:
Code-Review-1 by flichtenheld
Change subject: tun.c: don't attempt to delete DNS and WINS servers if they're
not set
..
tun.c: don't attempt to delete DNS and WINS servers if they're not set
Commits
1c4a47f7 ("wintun: set adapter properties via interactive service")
18826de5 ("Set WINS servers via interactice service")
added functionality of add/remove DNS/WINS via interactive
service, which is used mostly by dco-win and wintun (tap-windows6
normally uses DHCP). There is a check in code - if DNS/WINS addresses
are not pushed, nothing is added.
However, due to bug we always attempted to remove DNS/WINS,
even if nothing was added. Removing WINS, for example, could take
up to 3 seconds.
This change fixes this by improving check "has DNS/WINS been pushed?".
While on it, convert do_XXX_service() functions to "void" from "bool",
since we never check their return values.
Change-Id: I21a36d24f8e213c780f55acbe3e4df555c93542a
Signed-off-by: Lev Stipakov
---
M src/openvpn/tun.c
1 file changed, 12 insertions(+), 23 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/82/482/2
diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index f1b8699..8e96149 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -147,17 +147,16 @@
return ret;
}
-static bool
+static void
do_dns_domain_service(bool add, const struct tuntap *tt)
{
-bool ret = false;
ack_message_t ack;
struct gc_arena gc = gc_new();
HANDLE pipe = tt->options.msg_channel;
if (!tt->options.domain) /* no domain to add or delete */
{
-return true;
+goto out;
}
/* Use dns_cfg_msg with addr_len = 0 for setting only the DOMAIN */
@@ -195,17 +194,14 @@
}
msg(M_INFO, "DNS domain %s using service", (add ? "set" : "deleted"));
-ret = true;
out:
gc_free();
-return ret;
}
-static bool
+static void
do_dns_service(bool add, const short family, const struct tuntap *tt)
{
-bool ret = false;
ack_message_t ack;
struct gc_arena gc = gc_new();
HANDLE pipe = tt->options.msg_channel;
@@ -213,9 +209,10 @@
int addr_len = add ? len : 0;
const char *ip_proto_name = family == AF_INET6 ? "IPv6" : "IPv4";
-if (addr_len == 0 && add) /* no addresses to add */
+if (len == 0)
{
-return true;
+/* nothing to do */
+goto out;
}
/* Use dns_cfg_msg with domain = "" for setting only the DNS servers */
@@ -272,26 +269,23 @@
}
msg(M_INFO, "%s dns servers %s using service", ip_proto_name, (add ? "set"
: "deleted"));
-ret = true;
out:
gc_free();
-return ret;
}
-static bool
+static void
do_wins_service(bool add, const struct tuntap *tt)
{
-bool ret = false;
ack_message_t ack;
struct gc_arena gc = gc_new();
HANDLE pipe = tt->options.msg_channel;
-int len = tt->options.wins_len;
-int addr_len = add ? len : 0;
+int addr_len = add ? tt->options.wins_len : 0;
-if (addr_len == 0 && add) /* no addresses to add */
+if (tt->options.wins_len == 0)
{
-return true;
+/* nothing to do */
+goto out;
}
wins_cfg_message_t wins = {
@@ -338,11 +332,9 @@
}
msg(M_INFO, "WINS servers %s using service", (add ? "set" : "deleted"));
-ret = true;
out:
gc_free();
-return ret;
}
static bool
@@ -7019,10 +7011,7 @@
{
do_dns_domain_service(false, tt);
}
-if (tt->options.dns6_len > 0)
-{
-do_dns_service(false, AF_INET6, tt);
-}
+do_dns_service(false, AF_INET6, tt);
delete_route_connected_v6_net(tt);
do_address_service(false, AF_INET6, tt);
}
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/482?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I21a36d24f8e213c780f55acbe3e4df555c93542a
Gerrit-Change-Number: 482
Gerrit-PatchSet: 2
Gerrit-Owner: stipa
Gerrit-Reviewer: flichtenheld
Gerrit-Reviewer: plaisthos
Gerrit-CC: d12fk
Gerrit-CC: openvpn-devel
Gerrit-Attention: plaisthos
Gerrit-Attention: flichtenheld
Gerrit-Attention: stipa
Gerrit-MessageType: newpatchset
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: tun.c: don't attempt to delete DNS and WINS servers if they're not set
Attention is currently required from: d12fk, flichtenheld, plaisthos. stipa has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/482?usp=email ) Change subject: tun.c: don't attempt to delete DNS and WINS servers if they're not set .. Patch Set 2: (2 comments) Commit Message: http://gerrit.openvpn.net/c/openvpn/+/482/comment/6bccb548_434b4cc2 : PS1, Line 19: However, due to bug we always attempted to remove DNS/WINS, > Such a delay is the good reason I was looking for. […] Done File src/openvpn/tun.c: http://gerrit.openvpn.net/c/openvpn/+/482/comment/60defa74_6e621889 : PS1, Line 212: if (((family == AF_INET6) && (tt->options.dns6_len == 0)) > can be shortened to "len == 0" Acknowledged -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/482?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I21a36d24f8e213c780f55acbe3e4df555c93542a Gerrit-Change-Number: 482 Gerrit-PatchSet: 2 Gerrit-Owner: stipa Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: d12fk Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: flichtenheld Gerrit-Attention: d12fk Gerrit-Comment-Date: Mon, 18 Dec 2023 15:18:31 + Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: flichtenheld Comment-In-Reply-To: d12fk Comment-In-Reply-To: stipa Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: tun.c: don't attempt to delete DNS and WINS servers if they're not set
Attention is currently required from: d12fk, flichtenheld, plaisthos. stipa has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/482?usp=email ) Change subject: tun.c: don't attempt to delete DNS and WINS servers if they're not set .. Patch Set 1: (1 comment) Commit Message: http://gerrit.openvpn.net/c/openvpn/+/482/comment/d7d9f828_cf70f1a1 : PS1, Line 19: However, due to bug we always attempted to remove DNS/WINS, > What's the issue with always trying to remove these? Is there an error > message in the log or somethi […] Why delete something that we haven't added? We have this logic (do not delete if not added) for DNS6 already. Besides, in some cases it might take up to 3 seconds. 2023-12-14 07:45:35 Closing DCO interface 2023-12-14 07:45:35 delete_route_ipv6(fd00:abcd:194:1::/64) 2023-12-14 07:45:35 IPv6 route deletion via service succeeded 2023-12-14 07:45:35 INET6 address service: remove fd00:abcd:194:1::1005/128 2023-12-14 07:45:38 WINS servers deleted using service -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/482?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I21a36d24f8e213c780f55acbe3e4df555c93542a Gerrit-Change-Number: 482 Gerrit-PatchSet: 1 Gerrit-Owner: stipa Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: d12fk Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: flichtenheld Gerrit-Attention: d12fk Gerrit-Comment-Date: Mon, 18 Dec 2023 07:53:38 + Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: d12fk Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: tun.c: don't attempt to delete DNS and WINS servers if they're not set
Attention is currently required from: flichtenheld, plaisthos.
Hello plaisthos, flichtenheld,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/482?usp=email
to review the following change.
Change subject: tun.c: don't attempt to delete DNS and WINS servers if they're
not set
..
tun.c: don't attempt to delete DNS and WINS servers if they're not set
Commits
1c4a47f7 ("wintun: set adapter properties via interactive service")
18826de5 ("Set WINS servers via interactice service")
added functionality of add/remove DNS/WINS via interactive
service, which is used mostly by dco-win and wintun (tap-windows6
normally uses DHCP). There is a check in code - if DNS/WINS addresses
are not pushed, nothing is added.
However, due to bug we always attempted to remove DNS/WINS,
even if nothing was added. This change fixes this by improving
check "has DNS/WINS been pushed?".
While on it, convert do_XXX_service() functions to "void" from "bool",
since we never check their return values.
Change-Id: I21a36d24f8e213c780f55acbe3e4df555c93542a
Signed-off-by: Lev Stipakov
---
M src/openvpn/tun.c
1 file changed, 13 insertions(+), 23 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/82/482/1
diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index f1b8699..9104d46 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -147,17 +147,16 @@
return ret;
}
-static bool
+static void
do_dns_domain_service(bool add, const struct tuntap *tt)
{
-bool ret = false;
ack_message_t ack;
struct gc_arena gc = gc_new();
HANDLE pipe = tt->options.msg_channel;
if (!tt->options.domain) /* no domain to add or delete */
{
-return true;
+goto out;
}
/* Use dns_cfg_msg with addr_len = 0 for setting only the DOMAIN */
@@ -195,17 +194,14 @@
}
msg(M_INFO, "DNS domain %s using service", (add ? "set" : "deleted"));
-ret = true;
out:
gc_free();
-return ret;
}
-static bool
+static void
do_dns_service(bool add, const short family, const struct tuntap *tt)
{
-bool ret = false;
ack_message_t ack;
struct gc_arena gc = gc_new();
HANDLE pipe = tt->options.msg_channel;
@@ -213,9 +209,11 @@
int addr_len = add ? len : 0;
const char *ip_proto_name = family == AF_INET6 ? "IPv6" : "IPv4";
-if (addr_len == 0 && add) /* no addresses to add */
+if (((family == AF_INET6) && (tt->options.dns6_len == 0))
+|| ((family == AF_INET) && (tt->options.dns_len == 0)))
{
-return true;
+/* nothing to do */
+goto out;
}
/* Use dns_cfg_msg with domain = "" for setting only the DNS servers */
@@ -272,26 +270,23 @@
}
msg(M_INFO, "%s dns servers %s using service", ip_proto_name, (add ? "set"
: "deleted"));
-ret = true;
out:
gc_free();
-return ret;
}
-static bool
+static void
do_wins_service(bool add, const struct tuntap *tt)
{
-bool ret = false;
ack_message_t ack;
struct gc_arena gc = gc_new();
HANDLE pipe = tt->options.msg_channel;
-int len = tt->options.wins_len;
-int addr_len = add ? len : 0;
+int addr_len = add ? tt->options.wins_len : 0;
-if (addr_len == 0 && add) /* no addresses to add */
+if (tt->options.wins_len == 0)
{
-return true;
+/* nothing to do */
+goto out;
}
wins_cfg_message_t wins = {
@@ -338,11 +333,9 @@
}
msg(M_INFO, "WINS servers %s using service", (add ? "set" : "deleted"));
-ret = true;
out:
gc_free();
-return ret;
}
static bool
@@ -7019,10 +7012,7 @@
{
do_dns_domain_service(false, tt);
}
-if (tt->options.dns6_len > 0)
-{
-do_dns_service(false, AF_INET6, tt);
-}
+do_dns_service(false, AF_INET6, tt);
delete_route_connected_v6_net(tt);
do_address_service(false, AF_INET6, tt);
}
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/482?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I21a36d24f8e213c780f55acbe3e4df555c93542a
Gerrit-Change-Number: 482
Gerrit-PatchSet: 1
Gerrit-Owner: stipa
Gerrit-Reviewer: flichtenheld
Gerrit-Reviewer: plaisthos
Gerrit-CC: openvpn-devel
Gerrit-Attention: plaisthos
Gerrit-Attention: flichtenheld
Gerrit-MessageType: newchange
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [XS] Change in openvpn[master]: config.h: fix incorrect defines for _wopen()
Attention is currently required from: flichtenheld, plaisthos.
Hello plaisthos, flichtenheld,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/429?usp=email
to review the following change.
Change subject: config.h: fix incorrect defines for _wopen()
..
config.h: fix incorrect defines for _wopen()
This is a regression from commit
01341840 ("add basic CMake based build")
S_IRUSR and S_IWUSR should NOT be defined as 0 but
as _S_IREAD and _S_IWRITE, as it was already fixed in commit
077445d0 ("Fix some more wrong defines in config-msvc.h")
Those are used as permission mode when opening a file. Passing
zero makes file read-only, which break for example --status-file
functionality.
Fixes https://github.com/OpenVPN/openvpn/issues/454
Change-Id: I53eaee85d7b284af6bc63da5f6d8f310ddd96c47
Signed-off-by: Lev Stipakov
---
M config.h.cmake.in
1 file changed, 2 insertions(+), 2 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/29/429/1
diff --git a/config.h.cmake.in b/config.h.cmake.in
index f2cdd39..1c0dd6f 100644
--- a/config.h.cmake.in
+++ b/config.h.cmake.in
@@ -469,8 +469,8 @@
#define strncasecmp strnicmp
#define strcasecmp _stricmp
-#define S_IRUSR 0
-#define S_IWUSR 0
+#define S_IRUSR _S_IREAD
+#define S_IWUSR _S_IWRITE
#define R_OK 4
#define W_OK 2
#define X_OK 1
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/429?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I53eaee85d7b284af6bc63da5f6d8f310ddd96c47
Gerrit-Change-Number: 429
Gerrit-PatchSet: 1
Gerrit-Owner: stipa
Gerrit-Reviewer: flichtenheld
Gerrit-Reviewer: plaisthos
Gerrit-CC: openvpn-devel
Gerrit-Attention: plaisthos
Gerrit-Attention: flichtenheld
Gerrit-MessageType: newchange
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: Warn if pushed options require DHCP
Attention is currently required from: flichtenheld, plaisthos.
Hello plaisthos, flichtenheld,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/428?usp=email
to review the following change.
Change subject: Warn if pushed options require DHCP
..
Warn if pushed options require DHCP
Some pushed options (such as DOMAIN-SEARCH) require
DHCP server to work. Warn user that some options
will not work if the current driver (such as dco-win)
doesn't support DHCP.
Change-Id: Ie512544329a91fae15409cb18f29d8be617051a1
Signed-off-by: Lev Stipakov
---
M src/openvpn/options.c
M src/openvpn/tun.c
2 files changed, 9 insertions(+), 2 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/28/428/1
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index abd2e0c..b34e2f6 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -2477,10 +2477,10 @@
if (options->tuntap_options.dhcp_options & DHCP_OPTIONS_DHCP_REQUIRED)
{
-const char *prefix = "Some dhcp-options require DHCP server";
+const char *prefix = "Some --dhcp-option or --dns options require DHCP
server";
if (options->windows_driver != WINDOWS_DRIVER_TAP_WINDOWS6)
{
-msg(M_USAGE, "%s, which is not supported by selected %s driver",
+msg(M_USAGE, "%s, which is not supported by the selected %s
driver",
prefix, print_windows_driver(options->windows_driver));
}
else if (options->tuntap_options.ip_win32_type != IPW32_SET_DHCP_MASQ
diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index f857ed1..1b79d42 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -6826,6 +6826,13 @@
open_tun(const char *dev, const char *dev_type, const char *dev_node, struct
tuntap *tt,
openvpn_net_ctx_t *ctx)
{
+if ((tt->options.dhcp_options & DHCP_OPTIONS_DHCP_REQUIRED)
+&& tt->windows_driver != WINDOWS_DRIVER_TAP_WINDOWS6)
+{
+msg(M_WARN, "Some --dhcp-option or --dns options require DHCP server,
which is not supported by the selected %s driver. They will be ignored.",
+print_windows_driver(tt->windows_driver));
+}
+
/* dco-win already opened the device, which handle we treat as socket */
if (tuntap_is_dco_win(tt))
{
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/428?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: Ie512544329a91fae15409cb18f29d8be617051a1
Gerrit-Change-Number: 428
Gerrit-PatchSet: 1
Gerrit-Owner: stipa
Gerrit-Reviewer: flichtenheld
Gerrit-Reviewer: plaisthos
Gerrit-CC: openvpn-devel
Gerrit-Attention: plaisthos
Gerrit-Attention: flichtenheld
Gerrit-MessageType: newchange
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [XS] Change in openvpn[master]: Make --dns options apply for tap-windows6 driver
Attention is currently required from: flichtenheld, plaisthos.
Hello plaisthos, flichtenheld,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/427?usp=email
to review the following change.
Change subject: Make --dns options apply for tap-windows6 driver
..
Make --dns options apply for tap-windows6 driver
When tap-windows6 driver is used, both --dhcp-option and
--dns options are applied with DHCP. When processing --dns options,
we don't set "tuntap_options.dhcp_options" member, which is required
for DHCP string to be sent to the driver. As a result, --dns options
are not applied at all.
Fix by adding missing assignment of tuntap_options.dhcp_options.
Fixes https://github.com/OpenVPN/openvpn/issues/447
Change-Id: I24f43ad319bd1ca530fe17442d02a97412eb75c7
Signed-off-by: Lev Stipakov
---
M src/openvpn/options.c
1 file changed, 3 insertions(+), 0 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/27/427/1
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index b88fea9..abd2e0c 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -1364,6 +1364,8 @@
{
msg(M_WARN, "WARNING: couldn't copy all --dns search-domains to
--dhcp-option");
}
+
+tt->dhcp_options |= DHCP_OPTIONS_DHCP_REQUIRED;
}
if (dns->servers)
@@ -1401,6 +1403,7 @@
{
msg(M_WARN, "WARNING: couldn't copy all --dns server addresses to
--dhcp-option");
}
+tt->dhcp_options |= DHCP_OPTIONS_DHCP_OPTIONAL;
}
}
#else /* if defined(_WIN32) || defined(TARGET_ANDROID) */
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/427?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I24f43ad319bd1ca530fe17442d02a97412eb75c7
Gerrit-Change-Number: 427
Gerrit-PatchSet: 1
Gerrit-Owner: stipa
Gerrit-Reviewer: flichtenheld
Gerrit-Reviewer: plaisthos
Gerrit-CC: openvpn-devel
Gerrit-Attention: plaisthos
Gerrit-Attention: flichtenheld
Gerrit-MessageType: newchange
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[release/2.6]: Warn if pushed options require DHCP
Attention is currently required from: flichtenheld, plaisthos, stipa.
Hello flichtenheld, plaisthos,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/424?usp=email
to look at the new patch set (#3).
The following approvals got outdated and were removed:
Code-Review-1 by flichtenheld
Change subject: Warn if pushed options require DHCP
..
Warn if pushed options require DHCP
Some pushed options (such as DOMAIN-SEARCH) require
DHCP server to work. Warn user that some options
will not work if the current driver (such as dco-win)
doesn't support DHCP.
Change-Id: Ie512544329a91fae15409cb18f29d8be617051a1
Signed-off-by: Lev Stipakov
---
M src/openvpn/options.c
M src/openvpn/tun.c
2 files changed, 9 insertions(+), 2 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/24/424/3
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index f8d0b2e..82b4f3e 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -2486,10 +2486,10 @@
if (options->tuntap_options.dhcp_options & DHCP_OPTIONS_DHCP_REQUIRED)
{
-const char *prefix = "Some dhcp-options require DHCP server";
+const char *prefix = "Some --dhcp-option or --dns options require DHCP
server";
if (options->windows_driver != WINDOWS_DRIVER_TAP_WINDOWS6)
{
-msg(M_USAGE, "%s, which is not supported by selected %s driver",
+msg(M_USAGE, "%s, which is not supported by the selected %s
driver",
prefix, print_windows_driver(options->windows_driver));
}
else if (options->tuntap_options.ip_win32_type != IPW32_SET_DHCP_MASQ
diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index f857ed1..1b79d42 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -6826,6 +6826,13 @@
open_tun(const char *dev, const char *dev_type, const char *dev_node, struct
tuntap *tt,
openvpn_net_ctx_t *ctx)
{
+if ((tt->options.dhcp_options & DHCP_OPTIONS_DHCP_REQUIRED)
+&& tt->windows_driver != WINDOWS_DRIVER_TAP_WINDOWS6)
+{
+msg(M_WARN, "Some --dhcp-option or --dns options require DHCP server,
which is not supported by the selected %s driver. They will be ignored.",
+print_windows_driver(tt->windows_driver));
+}
+
/* dco-win already opened the device, which handle we treat as socket */
if (tuntap_is_dco_win(tt))
{
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/424?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: release/2.6
Gerrit-Change-Id: Ie512544329a91fae15409cb18f29d8be617051a1
Gerrit-Change-Number: 424
Gerrit-PatchSet: 3
Gerrit-Owner: stipa
Gerrit-Reviewer: flichtenheld
Gerrit-Reviewer: plaisthos
Gerrit-CC: openvpn-devel
Gerrit-Attention: plaisthos
Gerrit-Attention: flichtenheld
Gerrit-Attention: stipa
Gerrit-MessageType: newpatchset
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [XS] Change in openvpn[release/2.6]: Make --dns options apply for tap-windows6 driver
Attention is currently required from: d12fk, flichtenheld, plaisthos. stipa has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/423?usp=email ) Change subject: Make --dns options apply for tap-windows6 driver .. Patch Set 2: (1 comment) File src/openvpn/options.c: http://gerrit.openvpn.net/c/openvpn/+/423/comment/36cbef03_760b5ca6 : PS1, Line 8018: options->tuntap_options.dhcp_options |= DHCP_OPTIONS_DHCP_REQUIRED; > I would move this to tuntap_options_copy_dns() function. Also avoids the > additional #ifdefs. […] Done -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/423?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: release/2.6 Gerrit-Change-Id: I24f43ad319bd1ca530fe17442d02a97412eb75c7 Gerrit-Change-Number: 423 Gerrit-PatchSet: 2 Gerrit-Owner: stipa Gerrit-Reviewer: d12fk Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: flichtenheld Gerrit-Attention: d12fk Gerrit-Comment-Date: Fri, 10 Nov 2023 17:55:09 + Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: flichtenheld Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [XS] Change in openvpn[master]: platform.c: Do not depend Windows build on HAVE_CHDIR
Attention is currently required from: flichtenheld, plaisthos. stipa has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/425?usp=email ) Change subject: platform.c: Do not depend Windows build on HAVE_CHDIR .. Patch Set 1: Code-Review+2 (1 comment) Patchset: PS1: Makes sense, we can assume that _wchdir always exists on Windows. We still have the broken detection of chdir, though - on Windows we need to search for chdir in direct.h. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/425?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I0c78ce452135fe2c80275da449215ba926471018 Gerrit-Change-Number: 425 Gerrit-PatchSet: 1 Gerrit-Owner: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-Reviewer: stipa Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: flichtenheld Gerrit-Comment-Date: Fri, 10 Nov 2023 17:53:31 + Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [XS] Change in openvpn[release/2.6]: Make --dns options apply for tap-windows6 driver
Attention is currently required from: d12fk, plaisthos, stipa.
Hello d12fk, flichtenheld, plaisthos,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/423?usp=email
to look at the new patch set (#2).
Change subject: Make --dns options apply for tap-windows6 driver
..
Make --dns options apply for tap-windows6 driver
When tap-windows6 driver is used, both --dhcp-option and
--dns options are applied with DHCP. When processing --dns options,
we don't set "tuntap_options.dhcp_options" member, which is required
for DHCP string to be sent to the driver. As a result, --dns options
are not applied at all.
Fix by adding missing assignment of tuntap_options.dhcp_options.
Fixes https://github.com/OpenVPN/openvpn/issues/447
Change-Id: I24f43ad319bd1ca530fe17442d02a97412eb75c7
Signed-off-by: Lev Stipakov
---
M src/openvpn/options.c
1 file changed, 3 insertions(+), 0 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/23/423/2
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 631ac73..f8d0b2e 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -1372,6 +1372,8 @@
{
msg(M_WARN, "WARNING: couldn't copy all --dns search-domains to
--dhcp-option");
}
+
+tt->dhcp_options |= DHCP_OPTIONS_DHCP_REQUIRED;
}
if (dns->servers)
@@ -1409,6 +1411,7 @@
{
msg(M_WARN, "WARNING: couldn't copy all --dns server addresses to
--dhcp-option");
}
+tt->dhcp_options |= DHCP_OPTIONS_DHCP_OPTIONAL;
}
}
#else /* if defined(_WIN32) || defined(TARGET_ANDROID) */
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/423?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: release/2.6
Gerrit-Change-Id: I24f43ad319bd1ca530fe17442d02a97412eb75c7
Gerrit-Change-Number: 423
Gerrit-PatchSet: 2
Gerrit-Owner: stipa
Gerrit-Reviewer: d12fk
Gerrit-Reviewer: flichtenheld
Gerrit-Reviewer: plaisthos
Gerrit-CC: openvpn-devel
Gerrit-Attention: plaisthos
Gerrit-Attention: d12fk
Gerrit-Attention: stipa
Gerrit-MessageType: newpatchset
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[release/2.6]: Warn if pushed options require DHCP
Attention is currently required from: flichtenheld, plaisthos, stipa.
Hello flichtenheld, plaisthos,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/424?usp=email
to look at the new patch set (#2).
The following approvals got outdated and were removed:
Code-Review-1 by flichtenheld
Change subject: Warn if pushed options require DHCP
..
Warn if pushed options require DHCP
Some pushed options (such as DOMAIN-SEARCH) require
DHCP server to work. Warn user that some options
will not work if the current driver (such as dco-win)
doesn't support DHCP.
Change-Id: Ie512544329a91fae15409cb18f29d8be617051a1
Signed-off-by: Lev Stipakov
---
M src/openvpn/options.c
M src/openvpn/tun.c
2 files changed, 9 insertions(+), 2 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/24/424/2
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index f8d0b2e..d6558b6 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -2486,10 +2486,10 @@
if (options->tuntap_options.dhcp_options & DHCP_OPTIONS_DHCP_REQUIRED)
{
-const char *prefix = "Some dhcp-options require DHCP server";
+const char *prefix = "Some dhcp-options (or --dns) require DHCP
server";
if (options->windows_driver != WINDOWS_DRIVER_TAP_WINDOWS6)
{
-msg(M_USAGE, "%s, which is not supported by selected %s driver",
+msg(M_USAGE, "%s, which is not supported by the selected %s
driver",
prefix, print_windows_driver(options->windows_driver));
}
else if (options->tuntap_options.ip_win32_type != IPW32_SET_DHCP_MASQ
diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index f857ed1..1b79d42 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -6826,6 +6826,13 @@
open_tun(const char *dev, const char *dev_type, const char *dev_node, struct
tuntap *tt,
openvpn_net_ctx_t *ctx)
{
+if ((tt->options.dhcp_options & DHCP_OPTIONS_DHCP_REQUIRED)
+&& tt->windows_driver != WINDOWS_DRIVER_TAP_WINDOWS6)
+{
+msg(M_WARN, "Some --dhcp-option or --dns options require DHCP server,
which is not supported by the selected %s driver. They will be ignored.",
+print_windows_driver(tt->windows_driver));
+}
+
/* dco-win already opened the device, which handle we treat as socket */
if (tuntap_is_dco_win(tt))
{
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/424?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: release/2.6
Gerrit-Change-Id: Ie512544329a91fae15409cb18f29d8be617051a1
Gerrit-Change-Number: 424
Gerrit-PatchSet: 2
Gerrit-Owner: stipa
Gerrit-Reviewer: flichtenheld
Gerrit-Reviewer: plaisthos
Gerrit-CC: openvpn-devel
Gerrit-Attention: plaisthos
Gerrit-Attention: flichtenheld
Gerrit-Attention: stipa
Gerrit-MessageType: newpatchset
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[release/2.6]: Warn if pushed options require DHCP
Attention is currently required from: flichtenheld, plaisthos.
Hello plaisthos, flichtenheld,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/424?usp=email
to review the following change.
Change subject: Warn if pushed options require DHCP
..
Warn if pushed options require DHCP
Some pushed options (such as DOMAIN-SEARCH) require
DHCP server to work. Warn user that some options
will not work if the current driver (such as dco-win)
doesn't support DHCP.
While on it, indicate that "--dns search-domains"
option requires DHCP.
Change-Id: Ie512544329a91fae15409cb18f29d8be617051a1
Signed-off-by: Lev Stipakov
---
M src/openvpn/options.c
M src/openvpn/tun.c
2 files changed, 9 insertions(+), 2 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/24/424/1
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index e793a96..3b09d3e 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -2483,10 +2483,10 @@
if (options->tuntap_options.dhcp_options & DHCP_OPTIONS_DHCP_REQUIRED)
{
-const char *prefix = "Some dhcp-options require DHCP server";
+const char *prefix = "Some dhcp-options (or --dns) require DHCP
server";
if (options->windows_driver != WINDOWS_DRIVER_TAP_WINDOWS6)
{
-msg(M_USAGE, "%s, which is not supported by selected %s driver",
+msg(M_USAGE, "%s, which is not supported by the selected %s
driver",
prefix, print_windows_driver(options->windows_driver));
}
else if (options->tuntap_options.ip_win32_type != IPW32_SET_DHCP_MASQ
diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index f857ed1..986134c 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -6826,6 +6826,13 @@
open_tun(const char *dev, const char *dev_type, const char *dev_node, struct
tuntap *tt,
openvpn_net_ctx_t *ctx)
{
+if ((tt->options.dhcp_options & DHCP_OPTIONS_DHCP_REQUIRED)
+&& tt->windows_driver != WINDOWS_DRIVER_TAP_WINDOWS6)
+{
+msg(M_WARN, "Some dhcp-options or --dns require DHCP server, which is
not supported by the selected %s driver. Expect them not to work.",
+print_windows_driver(tt->windows_driver));
+}
+
/* dco-win already opened the device, which handle we treat as socket */
if (tuntap_is_dco_win(tt))
{
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/424?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: release/2.6
Gerrit-Change-Id: Ie512544329a91fae15409cb18f29d8be617051a1
Gerrit-Change-Number: 424
Gerrit-PatchSet: 1
Gerrit-Owner: stipa
Gerrit-Reviewer: flichtenheld
Gerrit-Reviewer: plaisthos
Gerrit-CC: openvpn-devel
Gerrit-Attention: plaisthos
Gerrit-Attention: flichtenheld
Gerrit-MessageType: newchange
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [XS] Change in openvpn[release/2.6]: Make --dns options apply for tap-windows6 driver
Attention is currently required from: flichtenheld, plaisthos.
Hello plaisthos, flichtenheld,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/423?usp=email
to review the following change.
Change subject: Make --dns options apply for tap-windows6 driver
..
Make --dns options apply for tap-windows6 driver
When tap-windows6 driver is used, both --dhcp-option and
--dns options are applied with DHCP. When processing --dns options,
we don't set "tuntap_options.dhcp_options" member, which is required
for DHCP string to be sent to the driver. As a result, --dns options
are not applied at all.
Fix by adding missing assignment of tuntap_options.dhcp_options.
Fixes https://github.com/OpenVPN/openvpn/issues/447
Change-Id: I24f43ad319bd1ca530fe17442d02a97412eb75c7
Signed-off-by: Lev Stipakov
---
M src/openvpn/options.c
1 file changed, 6 insertions(+), 0 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/23/423/1
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 631ac73..e793a96 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -8014,6 +8014,9 @@
if (streq(p[1], "search-domains") && p[2])
{
dns_domain_list_append(>dns_options.search_domains,
[2], >dns_options.gc);
+#ifdef _WIN32
+options->tuntap_options.dhcp_options |= DHCP_OPTIONS_DHCP_REQUIRED;
+#endif
}
else if (streq(p[1], "server") && p[2] && p[3] && p[4])
{
@@ -8090,6 +8093,9 @@
msg(msglevel, "--dns server %ld: unknown option type '%s' or
missing or unknown parameter", priority, p[3]);
goto err;
}
+#ifdef _WIN32
+options->tuntap_options.dhcp_options |= DHCP_OPTIONS_DHCP_OPTIONAL;
+#endif
}
else
{
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/423?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: release/2.6
Gerrit-Change-Id: I24f43ad319bd1ca530fe17442d02a97412eb75c7
Gerrit-Change-Number: 423
Gerrit-PatchSet: 1
Gerrit-Owner: stipa
Gerrit-Reviewer: flichtenheld
Gerrit-Reviewer: plaisthos
Gerrit-CC: openvpn-devel
Gerrit-Attention: plaisthos
Gerrit-Attention: flichtenheld
Gerrit-MessageType: newchange
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[release/2.6]: dco: warn if DATA_V1 packets are sent to userspace
Attention is currently required from: flichtenheld, plaisthos, stipa.
Hello flichtenheld, plaisthos,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/368?usp=email
to look at the new patch set (#2).
The following approvals got outdated and were removed:
Code-Review+2 by flichtenheld, Code-Review+2 by plaisthos
The change is no longer submittable: Code-Review and checks~ChecksSubmitRule
are unsatisfied now.
Change subject: dco: warn if DATA_V1 packets are sent to userspace
..
dco: warn if DATA_V1 packets are sent to userspace
Servers 2.4.0 - 2.4.4 support peer-id and AEAD ciphers,
but only send DATA_V1 packets. With DCO enabled on the
client, connection is established but not working.
This is because DCO driver(s) are unable to handle
DATA_V1 packets and forwards them to userspace, where
they silently disappear since crypto context is in
DCO and not in userspace.
Starting from 2.4.5 server sends DATA_V2 so problem
doesn't happen.
We cannot switch to non-DCO on the fly, so we log this
and advice user to upgrade the server to 2.4.5 or newer.
This fixes https://github.com/OpenVPN/openvpn/issues/422
Change-Id: I8cb2cb083e3cdadf187b7874979d79af3974e759
Signed-off-by: Lev Stipakov
---
M src/openvpn/forward.c
1 file changed, 20 insertions(+), 3 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/68/368/2
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index d8ad0d1..40f21bc 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -1047,6 +1047,24 @@
if (c->c2.tls_multi)
{
+uint8_t opcode = *BPTR(>c2.buf) >> P_OPCODE_SHIFT;
+
+/*
+ * If DCO is enabled, the kernel drivers require that the
+ * other end only sends P_DATA_V2 packets. V1 are unknown
+ * to kernel and passed to userland, but we cannot handle them
+ * either because crypto context is missing - so drop the packet.
+ *
+ * This can only happen with particular old (2.4.0-2.4.4) servers.
+ */
+if ((opcode == P_DATA_V1) && dco_enabled(>options))
+{
+msg(D_LINK_ERRORS,
+"Data Channel Offload doesn't support DATA_V1 packets. "
+"Upgrade your server to 2.4.5 or newer.");
+c->c2.buf.len = 0;
+}
+
/*
* If tls_pre_decrypt returns true, it means the incoming
* packet was a good TLS control channel packet. If so, TLS code
@@ -1057,9 +1075,8 @@
* will load crypto_options with the correct encryption key
* and return false.
*/
-uint8_t opcode = *BPTR(>c2.buf) >> P_OPCODE_SHIFT;
-if (tls_pre_decrypt(c->c2.tls_multi, >c2.from, >c2.buf, ,
-floated, _start))
+if (tls_pre_decrypt(c->c2.tls_multi, >c2.from, >c2.buf,
+, floated, _start))
{
/* Restore pre-NCP frame parameters */
if (is_hard_reset_method2(opcode))
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/368?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: release/2.6
Gerrit-Change-Id: I8cb2cb083e3cdadf187b7874979d79af3974e759
Gerrit-Change-Number: 368
Gerrit-PatchSet: 2
Gerrit-Owner: stipa
Gerrit-Reviewer: flichtenheld
Gerrit-Reviewer: plaisthos
Gerrit-CC: openvpn-devel
Gerrit-Attention: plaisthos
Gerrit-Attention: flichtenheld
Gerrit-Attention: stipa
Gerrit-MessageType: newpatchset
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[release/2.6]: dco: warn if DATA_V1 packets are sent to userspace
Attention is currently required from: flichtenheld.
Hello flichtenheld,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/368?usp=email
to review the following change.
Change subject: dco: warn if DATA_V1 packets are sent to userspace
..
dco: warn if DATA_V1 packets are sent to userspace
Servers 2.4.0 - 2.4.4 support peer-id and AEAD ciphers,
but only send DATA_V1 packets. With DCO enabled on the
client, connection is established but not working.
This is because DCO driver(s) are unable to handle
DATA_V1 packets and forwards them to userspace, where
they silently disappear since crypto context is in
DCO and not in userspace.
Starting from 2.4.5 server sends DATA_V2 so problem
doesn't happen.
We cannot switch to non-DCO on the fly, so we log this
and advice user to upgrade the server to 2.4.5 or newer.
This fixes https://github.com/OpenVPN/openvpn/issues/422
Change-Id: I8cb2cb083e3cdadf187b7874979d79af3974e759
Signed-off-by: Lev Stipakov
---
M src/openvpn/forward.c
1 file changed, 10 insertions(+), 2 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/68/368/1
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index d8ad0d1..66843b4 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -1058,8 +1058,16 @@
* and return false.
*/
uint8_t opcode = *BPTR(>c2.buf) >> P_OPCODE_SHIFT;
-if (tls_pre_decrypt(c->c2.tls_multi, >c2.from, >c2.buf, ,
-floated, _start))
+
+if ((opcode == P_DATA_V1) && dco_enabled(>options))
+{
+msg(D_LINK_ERRORS,
+"Data Channel Offload doesn't support DATA_V1 packets. "
+"Upgrade your server to 2.4.5 or newer.");
+c->c2.buf.len = 0;
+}
+else if (tls_pre_decrypt(c->c2.tls_multi, >c2.from, >c2.buf,
+ , floated, _start))
{
/* Restore pre-NCP frame parameters */
if (is_hard_reset_method2(opcode))
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/368?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: release/2.6
Gerrit-Change-Id: I8cb2cb083e3cdadf187b7874979d79af3974e759
Gerrit-Change-Number: 368
Gerrit-PatchSet: 1
Gerrit-Owner: stipa
Gerrit-Reviewer: flichtenheld
Gerrit-CC: openvpn-devel
Gerrit-Attention: flichtenheld
Gerrit-MessageType: newchange
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[release/2.6]: dco-win: get driver version
Attention is currently required from: flichtenheld.
Hello flichtenheld,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/367?usp=email
to look at the new patch set (#3).
Change subject: dco-win: get driver version
..
dco-win: get driver version
Print dco-win driver version using the new ioctl.
Requires dco-win driver 1.0.0 or newer to work.
Change-Id: I1d0d909e7fca3f51b5c848f1a771a989ab040f17
Signed-off-by: Lev Stipakov
---
M src/openvpn/dco_win.c
M src/openvpn/ovpn_dco_win.h
2 files changed, 33 insertions(+), 1 deletion(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/67/367/3
diff --git a/src/openvpn/dco_win.c b/src/openvpn/dco_win.c
index 53f1523..a775c82 100644
--- a/src/openvpn/dco_win.c
+++ b/src/openvpn/dco_win.c
@@ -386,7 +386,32 @@
const char *
dco_version_string(struct gc_arena *gc)
{
-return "v0";
+OVPN_VERSION version;
+ZeroMemory(, sizeof(OVPN_VERSION));
+
+/* try to open device by symbolic name */
+HANDLE h = CreateFile(".\\ovpn-dco", GENERIC_READ | GENERIC_WRITE,
+ 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM |
FILE_FLAG_OVERLAPPED, NULL);
+
+if (h == INVALID_HANDLE_VALUE)
+{
+return "N/A";
+}
+
+DWORD bytes_returned = 0;
+if (!DeviceIoControl(h, OVPN_IOCTL_GET_VERSION, NULL, 0,
+ , sizeof(version), _returned, NULL))
+{
+CloseHandle(h);
+return "N/A";
+}
+
+CloseHandle(h);
+
+struct buffer out = alloc_buf_gc(256, gc);
+buf_printf(, "%ld.%ld.%ld", version.Major, version.Minor,
version.Patch);
+
+return BSTR();
}
int
diff --git a/src/openvpn/ovpn_dco_win.h b/src/openvpn/ovpn_dco_win.h
index cbbdf92..ea2a733 100644
--- a/src/openvpn/ovpn_dco_win.h
+++ b/src/openvpn/ovpn_dco_win.h
@@ -100,6 +100,12 @@
LONG MSS;
} OVPN_SET_PEER, * POVPN_SET_PEER;
+typedef struct _OVPN_VERSION {
+LONG Major;
+LONG Minor;
+LONG Patch;
+} OVPN_VERSION, * POVPN_VERSION;
+
#define OVPN_IOCTL_NEW_PEER CTL_CODE(FILE_DEVICE_UNKNOWN, 1,
METHOD_BUFFERED, FILE_ANY_ACCESS)
#define OVPN_IOCTL_GET_STATSCTL_CODE(FILE_DEVICE_UNKNOWN, 2,
METHOD_BUFFERED, FILE_ANY_ACCESS)
#define OVPN_IOCTL_NEW_KEY CTL_CODE(FILE_DEVICE_UNKNOWN, 3,
METHOD_BUFFERED, FILE_ANY_ACCESS)
@@ -107,3 +113,4 @@
#define OVPN_IOCTL_SET_PEER CTL_CODE(FILE_DEVICE_UNKNOWN, 5,
METHOD_BUFFERED, FILE_ANY_ACCESS)
#define OVPN_IOCTL_START_VPNCTL_CODE(FILE_DEVICE_UNKNOWN, 6,
METHOD_BUFFERED, FILE_ANY_ACCESS)
#define OVPN_IOCTL_DEL_PEER CTL_CODE(FILE_DEVICE_UNKNOWN, 7,
METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define OVPN_IOCTL_GET_VERSION CTL_CODE(FILE_DEVICE_UNKNOWN, 8,
METHOD_BUFFERED, FILE_ANY_ACCESS)
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/367?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: release/2.6
Gerrit-Change-Id: I1d0d909e7fca3f51b5c848f1a771a989ab040f17
Gerrit-Change-Number: 367
Gerrit-PatchSet: 3
Gerrit-Owner: stipa
Gerrit-Reviewer: flichtenheld
Gerrit-CC: openvpn-devel
Gerrit-Attention: flichtenheld
Gerrit-MessageType: newpatchset
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[release/2.6]: dco-win: get driver version
Attention is currently required from: flichtenheld.
Hello flichtenheld,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/367?usp=email
to look at the new patch set (#2).
Change subject: dco-win: get driver version
..
dco-win: get driver version
Print dco-win driver version using the new ioctl.
Requires dco-win driver 1.0.0 or newer to work.
Change-Id: I1d0d909e7fca3f51b5c848f1a771a989ab040f17
Signed-off-by: Lev Stipakov
---
M src/openvpn/dco_win.c
M src/openvpn/ovpn_dco_win.h
2 files changed, 33 insertions(+), 1 deletion(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/67/367/2
diff --git a/src/openvpn/dco_win.c b/src/openvpn/dco_win.c
index 53f1523..9dc3961 100644
--- a/src/openvpn/dco_win.c
+++ b/src/openvpn/dco_win.c
@@ -386,7 +386,32 @@
const char *
dco_version_string(struct gc_arena *gc)
{
-return "v0";
+OVPN_VERSION version;
+ZeroMemory(, sizeof(OVPN_VERSION));
+
+/* try to open device by symbolic name */
+HANDLE h = CreateFile(".\\ovpn-dco", GENERIC_READ | GENERIC_WRITE,
+ 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM |
FILE_FLAG_OVERLAPPED, NULL);
+
+if (h == INVALID_HANDLE_VALUE)
+{
+return "N/A";
+}
+
+DWORD bytes_returned = 0;
+if (!DeviceIoControl(h, OVPN_IOCTL_GET_VERSION, NULL, 0,
+ , sizeof(version), _returned, NULL))
+{
+CloseHandle(h);
+return "N/A";
+}
+
+CloseHandle(h);
+
+struct buffer out = alloc_buf_gc(256, gc);
+buf_printf(, "%d.%d.%d", version.Major, version.Minor, version.Patch);
+
+return BSTR();
}
int
diff --git a/src/openvpn/ovpn_dco_win.h b/src/openvpn/ovpn_dco_win.h
index cbbdf92..ea2a733 100644
--- a/src/openvpn/ovpn_dco_win.h
+++ b/src/openvpn/ovpn_dco_win.h
@@ -100,6 +100,12 @@
LONG MSS;
} OVPN_SET_PEER, * POVPN_SET_PEER;
+typedef struct _OVPN_VERSION {
+LONG Major;
+LONG Minor;
+LONG Patch;
+} OVPN_VERSION, * POVPN_VERSION;
+
#define OVPN_IOCTL_NEW_PEER CTL_CODE(FILE_DEVICE_UNKNOWN, 1,
METHOD_BUFFERED, FILE_ANY_ACCESS)
#define OVPN_IOCTL_GET_STATSCTL_CODE(FILE_DEVICE_UNKNOWN, 2,
METHOD_BUFFERED, FILE_ANY_ACCESS)
#define OVPN_IOCTL_NEW_KEY CTL_CODE(FILE_DEVICE_UNKNOWN, 3,
METHOD_BUFFERED, FILE_ANY_ACCESS)
@@ -107,3 +113,4 @@
#define OVPN_IOCTL_SET_PEER CTL_CODE(FILE_DEVICE_UNKNOWN, 5,
METHOD_BUFFERED, FILE_ANY_ACCESS)
#define OVPN_IOCTL_START_VPNCTL_CODE(FILE_DEVICE_UNKNOWN, 6,
METHOD_BUFFERED, FILE_ANY_ACCESS)
#define OVPN_IOCTL_DEL_PEER CTL_CODE(FILE_DEVICE_UNKNOWN, 7,
METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define OVPN_IOCTL_GET_VERSION CTL_CODE(FILE_DEVICE_UNKNOWN, 8,
METHOD_BUFFERED, FILE_ANY_ACCESS)
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/367?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: release/2.6
Gerrit-Change-Id: I1d0d909e7fca3f51b5c848f1a771a989ab040f17
Gerrit-Change-Number: 367
Gerrit-PatchSet: 2
Gerrit-Owner: stipa
Gerrit-Reviewer: flichtenheld
Gerrit-CC: openvpn-devel
Gerrit-Attention: flichtenheld
Gerrit-MessageType: newpatchset
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[release/2.6]: dco-win: get driver version
Attention is currently required from: flichtenheld.
Hello flichtenheld,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/367?usp=email
to review the following change.
Change subject: dco-win: get driver version
..
dco-win: get driver version
Print dco-win driver version using the new ioctl.
Requires dco-win driver 1.0.0 or newer to work.
Change-Id: I1d0d909e7fca3f51b5c848f1a771a989ab040f17
Signed-off-by: Lev Stipakov
---
M src/openvpn/dco_win.c
M src/openvpn/ovpn_dco_win.h
2 files changed, 33 insertions(+), 1 deletion(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/67/367/1
diff --git a/src/openvpn/dco_win.c b/src/openvpn/dco_win.c
index 53f1523..75daae2 100644
--- a/src/openvpn/dco_win.c
+++ b/src/openvpn/dco_win.c
@@ -386,7 +386,32 @@
const char *
dco_version_string(struct gc_arena *gc)
{
-return "v0";
+OVPN_VERSION version;
+ZeroMemory(, sizeof(OVPN_VERSION));
+
+/* try to open device by symbolic name */
+HANDLE h = CreateFile(".\\ovpn-dco", GENERIC_READ | GENERIC_WRITE,
+0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM | FILE_FLAG_OVERLAPPED,
NULL);
+
+if (h == INVALID_HANDLE_VALUE)
+{
+return "N/A";
+}
+
+DWORD bytes_returned = 0;
+if (!DeviceIoControl(h, OVPN_IOCTL_GET_VERSION, NULL, 0,
+, sizeof(version), _returned, NULL))
+{
+CloseHandle(h);
+return "N/A";
+}
+
+CloseHandle(h);
+
+struct buffer out = alloc_buf_gc(256, gc);
+buf_printf(, "%d.%d.%d", version.Major, version.Minor, version.Patch);
+
+return BSTR();
}
int
diff --git a/src/openvpn/ovpn_dco_win.h b/src/openvpn/ovpn_dco_win.h
index cbbdf92..ea2a733 100644
--- a/src/openvpn/ovpn_dco_win.h
+++ b/src/openvpn/ovpn_dco_win.h
@@ -100,6 +100,12 @@
LONG MSS;
} OVPN_SET_PEER, * POVPN_SET_PEER;
+typedef struct _OVPN_VERSION {
+LONG Major;
+LONG Minor;
+LONG Patch;
+} OVPN_VERSION, * POVPN_VERSION;
+
#define OVPN_IOCTL_NEW_PEER CTL_CODE(FILE_DEVICE_UNKNOWN, 1,
METHOD_BUFFERED, FILE_ANY_ACCESS)
#define OVPN_IOCTL_GET_STATSCTL_CODE(FILE_DEVICE_UNKNOWN, 2,
METHOD_BUFFERED, FILE_ANY_ACCESS)
#define OVPN_IOCTL_NEW_KEY CTL_CODE(FILE_DEVICE_UNKNOWN, 3,
METHOD_BUFFERED, FILE_ANY_ACCESS)
@@ -107,3 +113,4 @@
#define OVPN_IOCTL_SET_PEER CTL_CODE(FILE_DEVICE_UNKNOWN, 5,
METHOD_BUFFERED, FILE_ANY_ACCESS)
#define OVPN_IOCTL_START_VPNCTL_CODE(FILE_DEVICE_UNKNOWN, 6,
METHOD_BUFFERED, FILE_ANY_ACCESS)
#define OVPN_IOCTL_DEL_PEER CTL_CODE(FILE_DEVICE_UNKNOWN, 7,
METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define OVPN_IOCTL_GET_VERSION CTL_CODE(FILE_DEVICE_UNKNOWN, 8,
METHOD_BUFFERED, FILE_ANY_ACCESS)
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/367?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: release/2.6
Gerrit-Change-Id: I1d0d909e7fca3f51b5c848f1a771a989ab040f17
Gerrit-Change-Number: 367
Gerrit-PatchSet: 1
Gerrit-Owner: stipa
Gerrit-Reviewer: flichtenheld
Gerrit-CC: openvpn-devel
Gerrit-Attention: flichtenheld
Gerrit-MessageType: newchange
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [XL] Change in openvpn[release/2.6]: CMake: backport CMake buildsystem from master to release/2.6
Attention is currently required from: d12fk, flichtenheld. stipa has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/315?usp=email ) Change subject: CMake: backport CMake buildsystem from master to release/2.6 .. Patch Set 2: Code-Review+2 (1 comment) File README.cmake.md: http://gerrit.openvpn.net/c/openvpn/+/315/comment/f39fcf5a_d00bbdc2 : PS2, Line 33: Enviroment environment -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/315?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: release/2.6 Gerrit-Change-Id: I6de18261d5dc7f8561612184059656c73f33a5f2 Gerrit-Change-Number: 315 Gerrit-PatchSet: 2 Gerrit-Owner: flichtenheld Gerrit-Reviewer: d12fk Gerrit-Reviewer: stipa Gerrit-CC: openvpn-devel Gerrit-Attention: flichtenheld Gerrit-Attention: d12fk Gerrit-Comment-Date: Mon, 25 Sep 2023 09:50:56 + Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [XS] Change in openvpn[master]: CMake: fix HAVE_DAEMON detection on Linux
Attention is currently required from: flichtenheld. Hello flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/362?usp=email to review the following change. Change subject: CMake: fix HAVE_DAEMON detection on Linux .. CMake: fix HAVE_DAEMON detection on Linux On Linux, daemon() is defined in unistd.h, not in stdlib.h like in MacOS or FreeBSD. Change-Id: I30f4ea502a36eca155cbc79b89c0d18ee3419877 Signed-off-by: Lev Stipakov --- M CMakeLists.txt 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/62/362/1 diff --git a/CMakeLists.txt b/CMakeLists.txt index 9de6aba..76351c1 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -158,7 +158,7 @@ check_symbol_exists(gettimeofday sys/time.h HAVE_GETTIMEOFDAY) check_symbol_exists(basename libgen.h HAVE_BASENAME) check_symbol_exists(chsize io.h HAVE_CHSIZE) -check_symbol_exists(daemon stdlib.h HAVE_DAEMON) +check_symbol_exists(daemon "unistd.h;stdlib.h" HAVE_DAEMON) check_symbol_exists(dirname libgen.h HAVE_DIRNAME) check_symbol_exists(getrlimit sys/resource.h HAVE_GETRLIMIT) check_symbol_exists(mlockall sys/mman.h HAVE_MLOCKALL) -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/362?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I30f4ea502a36eca155cbc79b89c0d18ee3419877 Gerrit-Change-Number: 362 Gerrit-PatchSet: 1 Gerrit-Owner: stipa Gerrit-Reviewer: flichtenheld Gerrit-CC: openvpn-devel Gerrit-Attention: flichtenheld Gerrit-MessageType: newchange ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: CMake: various small non-functional improvements
Attention is currently required from: d12fk, flichtenheld. stipa has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/342?usp=email ) Change subject: CMake: various small non-functional improvements .. Patch Set 1: Code-Review+2 -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/342?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I4e16767ee221e1aefdd18d13b3411c27d8dd844a Gerrit-Change-Number: 342 Gerrit-PatchSet: 1 Gerrit-Owner: flichtenheld Gerrit-Reviewer: d12fk Gerrit-Reviewer: stipa Gerrit-CC: openvpn-devel Gerrit-Attention: flichtenheld Gerrit-Attention: d12fk Gerrit-Comment-Date: Tue, 19 Sep 2023 12:22:30 + Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: CMake: various small non-functional improvements
Attention is currently required from: d12fk, flichtenheld. stipa has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/342?usp=email ) Change subject: CMake: various small non-functional improvements .. Patch Set 1: (1 comment) Patchset: PS1: Acked-by: Lev Stipakov -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/342?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I4e16767ee221e1aefdd18d13b3411c27d8dd844a Gerrit-Change-Number: 342 Gerrit-PatchSet: 1 Gerrit-Owner: flichtenheld Gerrit-Reviewer: d12fk Gerrit-Reviewer: stipa Gerrit-CC: openvpn-devel Gerrit-Attention: flichtenheld Gerrit-Attention: d12fk Gerrit-Comment-Date: Tue, 19 Sep 2023 12:22:53 + Gerrit-HasComments: Yes Gerrit-Has-Labels: No Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[release/2.6]: Make cert_data.h and test_cryptoapi/pkcs11.c MSVC compliant
Attention is currently required from: flichtenheld. stipa has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/312?usp=email ) Change subject: Make cert_data.h and test_cryptoapi/pkcs11.c MSVC compliant .. Patch Set 1: Code-Review+2 -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/312?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: release/2.6 Gerrit-Change-Id: Ifb961a4df2b8b8300633192e1a268669f6f41a35 Gerrit-Change-Number: 312 Gerrit-PatchSet: 1 Gerrit-Owner: flichtenheld Gerrit-Reviewer: d12fk Gerrit-Reviewer: selvanair Gerrit-Reviewer: stipa Gerrit-CC: openvpn-devel Gerrit-Attention: flichtenheld Gerrit-Comment-Date: Tue, 19 Sep 2023 07:51:08 + Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[release/2.6]: Make cert_data.h and test_cryptoapi/pkcs11.c MSVC compliant
Attention is currently required from: flichtenheld. stipa has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/312?usp=email ) Change subject: Make cert_data.h and test_cryptoapi/pkcs11.c MSVC compliant .. Patch Set 1: (1 comment) Patchset: PS1: Acked-by: Lev Stipakov -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/312?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: release/2.6 Gerrit-Change-Id: Ifb961a4df2b8b8300633192e1a268669f6f41a35 Gerrit-Change-Number: 312 Gerrit-PatchSet: 1 Gerrit-Owner: flichtenheld Gerrit-Reviewer: d12fk Gerrit-Reviewer: selvanair Gerrit-Reviewer: stipa Gerrit-CC: openvpn-devel Gerrit-Attention: flichtenheld Gerrit-Comment-Date: Tue, 19 Sep 2023 07:51:32 + Gerrit-HasComments: Yes Gerrit-Has-Labels: No Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: CMake: fix broken daemonization and syslog functionality
Attention is currently required from: flichtenheld.
Hello flichtenheld,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/341?usp=email
to review the following change.
Change subject: CMake: fix broken daemonization and syslog functionality
..
CMake: fix broken daemonization and syslog functionality
While CMake is not the official way to build OpenVPN on Linux,
it still make sense to support it. Turns out that
HAVE_SETSID, HAVE_OPENLOG and HAVE_SYSLOG
were not set by CMake configure, and --daemon and syslog
functionality was broken.
While on it, fix compiler error on unused return value of chdir().
Change-Id: I171d55da2be868d961caa1d4491e6f1ed10ebe8a
Signed-off-by: Lev Stipakov
---
M CMakeLists.txt
M config.h.cmake.in
M src/compat/compat-daemon.c
3 files changed, 8 insertions(+), 4 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/41/341/1
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 7dae665..9de6aba 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -150,6 +150,7 @@
check_symbol_exists(ftruncate unistd.h HAVE_FTRUNCATE)
check_symbol_exists(setgid unistd.h HAVE_SETGID)
check_symbol_exists(setuid unistd.h HAVE_SETUID)
+check_symbol_exists(setsid unistd.h HAVE_SETSID)
check_symbol_exists(getpeereid unistd.h HAVE_GETPEEREID)
check_symbol_exists(epoll_create sys/epoll.h HAVE_EPOLL_CREATE)
diff --git a/config.h.cmake.in b/config.h.cmake.in
index 4f28917..f2cdd39 100644
--- a/config.h.cmake.in
+++ b/config.h.cmake.in
@@ -218,7 +218,7 @@
#undef HAVE_NICE
/* Define to 1 if you have the `openlog' function. */
-#undef HAVE_OPENLOG
+#cmakedefine HAVE_OPENLOG
/* OpenSSL engine support available */
#undef HAVE_OPENSSL_ENGINE
@@ -258,7 +258,7 @@
#undef HAVE_SETGROUPS
/* Define to 1 if you have the `setsid' function. */
-#undef HAVE_SETSID
+#cmakedefine HAVE_SETSID
/* Define to 1 if you have the `setsockopt' function. */
#define HAVE_SETSOCKOPT 1
@@ -303,7 +303,7 @@
#undef HAVE_STRSEP
/* Define to 1 if you have the `syslog' function. */
-#undef HAVE_SYSLOG
+#cmakedefine HAVE_SYSLOG
/* Define to 1 if you have the header file. */
#cmakedefine HAVE_SYSLOG_H
diff --git a/src/compat/compat-daemon.c b/src/compat/compat-daemon.c
index aebb8f4..5c6d740 100644
--- a/src/compat/compat-daemon.c
+++ b/src/compat/compat-daemon.c
@@ -70,7 +70,10 @@
if (!nochdir)
{
-chdir("/");
+if (chdir("/") == -1)
+{
+return (-1);
+}
}
if (!noclose)
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/341?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I171d55da2be868d961caa1d4491e6f1ed10ebe8a
Gerrit-Change-Number: 341
Gerrit-PatchSet: 1
Gerrit-Owner: stipa
Gerrit-Reviewer: flichtenheld
Gerrit-CC: openvpn-devel
Gerrit-Attention: flichtenheld
Gerrit-MessageType: newchange
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: GHA: do not trigger builds in openvpn-build anymore
Attention is currently required from: cron2, flichtenheld. stipa has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/328?usp=email ) Change subject: GHA: do not trigger builds in openvpn-build anymore .. Patch Set 1: (1 comment) Patchset: PS1: We should probably remove that GHA secret if it is not needed anymore. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/328?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I8b00d7d79a26ad4aaae529cb496e125398169b50 Gerrit-Change-Number: 328 Gerrit-PatchSet: 1 Gerrit-Owner: flichtenheld Gerrit-Reviewer: cron2 Gerrit-Reviewer: stipa Gerrit-CC: openvpn-devel Gerrit-Attention: cron2 Gerrit-Attention: flichtenheld Gerrit-Comment-Date: Thu, 14 Sep 2023 11:40:09 + Gerrit-HasComments: Yes Gerrit-Has-Labels: No Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: GHA: do not trigger builds in openvpn-build anymore
Attention is currently required from: cron2, flichtenheld. stipa has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/328?usp=email ) Change subject: GHA: do not trigger builds in openvpn-build anymore .. Patch Set 1: Code-Review+2 -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/328?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I8b00d7d79a26ad4aaae529cb496e125398169b50 Gerrit-Change-Number: 328 Gerrit-PatchSet: 1 Gerrit-Owner: flichtenheld Gerrit-Reviewer: cron2 Gerrit-Reviewer: stipa Gerrit-CC: openvpn-devel Gerrit-Attention: cron2 Gerrit-Attention: flichtenheld Gerrit-Comment-Date: Thu, 14 Sep 2023 11:39:17 + Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [M] Change in openvpn[master]: dns option: remove support for exclude-domains
Attention is currently required from: d12fk, flichtenheld, plaisthos. stipa has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/39?usp=email ) Change subject: dns option: remove support for exclude-domains .. Patch Set 6: Code-Review+2 (2 comments) Patchset: PS6: Looks good to me. I wonder why we decided to add this option initially if no resolvers support it. File doc/man-sections/client-options.rst: http://gerrit.openvpn.net/c/openvpn/+/39/comment/c2458c42_e3d89d93 : PS6, Line 197: configuration, will ignore this setting. Comma is not needed before "will ignore this setting" -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/39?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I7f422add22f3f01e9f47985065782dd67bca46eb Gerrit-Change-Number: 39 Gerrit-PatchSet: 6 Gerrit-Owner: d12fk Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-Reviewer: stipa Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: flichtenheld Gerrit-Attention: d12fk Gerrit-Comment-Date: Thu, 14 Sep 2023 11:37:36 + Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [XS] Change in openvpn[release/2.6]: Support for long INFO/INFO_PRE messages
stipa has abandoned this change. ( http://gerrit.openvpn.net/c/openvpn/+/327?usp=email ) Change subject: Support for long INFO/INFO_PRE messages .. Abandoned We decided that this is a server bug, it is not supposed to send that long INFO mesagess. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/327?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: release/2.6 Gerrit-Change-Id: I2139b62117ba69d643b585d2610e8aef15f71d3e Gerrit-Change-Number: 327 Gerrit-PatchSet: 2 Gerrit-Owner: stipa Gerrit-Reviewer: flichtenheld Gerrit-CC: openvpn-devel Gerrit-CC: plaisthos Gerrit-MessageType: abandon ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[release/2.6]: Warn user if INFO control command is too long
Attention is currently required from: flichtenheld.
Hello flichtenheld,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/329?usp=email
to review the following change.
Change subject: Warn user if INFO control command is too long
..
Warn user if INFO control command is too long
"INFO_PRE,..." command length is limited to 256 bytes. If the server
implementation pushes command which is too long, warn the user and
don't send the truncated command to a management client.
Change-Id: If3c27a2a2ba24f2af0e3e3c95eea57ed420b2542
Signed-off-by: Lev Stipakov
---
M src/openvpn/push.c
1 file changed, 8 insertions(+), 2 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/29/329/1
diff --git a/src/openvpn/push.c b/src/openvpn/push.c
index d468211..19849c5 100644
--- a/src/openvpn/push.c
+++ b/src/openvpn/push.c
@@ -244,8 +244,14 @@
* for management greeting and we don't want to confuse the client
*/
struct buffer out = alloc_buf_gc(256, );
-buf_printf(, ">%s:%s", "INFOMSG", m);
-management_notify_generic(management, BSTR());
+if (buf_printf(, ">%s:%s", "INFOMSG", m))
+{
+management_notify_generic(management, BSTR());
+}
+else
+{
+msg(D_PUSH_ERRORS, "WARNING: Received INFO command is too long,
won't notify management client.");
+}
gc_free();
}
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/329?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: release/2.6
Gerrit-Change-Id: If3c27a2a2ba24f2af0e3e3c95eea57ed420b2542
Gerrit-Change-Number: 329
Gerrit-PatchSet: 1
Gerrit-Owner: stipa
Gerrit-Reviewer: flichtenheld
Gerrit-CC: openvpn-devel
Gerrit-Attention: flichtenheld
Gerrit-MessageType: newchange
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [XS] Change in openvpn[release/2.6]: Support for long INFO/INFO_PRE messages
Attention is currently required from: flichtenheld.
stipa has posted comments on this change. (
http://gerrit.openvpn.net/c/openvpn/+/327?usp=email )
Change subject: Support for long INFO/INFO_PRE messages
..
Patch Set 2:
(1 comment)
File src/openvpn/push.c:
http://gerrit.openvpn.net/c/openvpn/+/327/comment/a70eded3_8b1ba798 :
PS1, Line 246: struct buffer out = alloc_buf_gc(1 + 7 + 1 + BLEN()
+ 1, );
> "1 + 7 + 1" -> strlen(">INFOMSG:") […]
Acknowledged
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/327?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: release/2.6
Gerrit-Change-Id: I2139b62117ba69d643b585d2610e8aef15f71d3e
Gerrit-Change-Number: 327
Gerrit-PatchSet: 2
Gerrit-Owner: stipa
Gerrit-Reviewer: flichtenheld
Gerrit-CC: openvpn-devel
Gerrit-Attention: flichtenheld
Gerrit-Comment-Date: Mon, 04 Sep 2023 15:44:36 +
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: flichtenheld
Gerrit-MessageType: comment
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [XS] Change in openvpn[release/2.6]: Support for long INFO/INFO_PRE messages
Attention is currently required from: flichtenheld, stipa. Hello flichtenheld, I'd like you to reexamine a change. Please visit http://gerrit.openvpn.net/c/openvpn/+/327?usp=email to look at the new patch set (#2). The following approvals got outdated and were removed: Code-Review+1 by flichtenheld Change subject: Support for long INFO/INFO_PRE messages .. Support for long INFO/INFO_PRE messages Current hardcoded limit is not defined anywhere and the server (CloudConnexa) sends the longer string in some cases. Change-Id: I2139b62117ba69d643b585d2610e8aef15f71d3e Signed-off-by: Lev Stipakov --- M src/openvpn/push.c 1 file changed, 4 insertions(+), 2 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/27/327/2 diff --git a/src/openvpn/push.c b/src/openvpn/push.c index d468211..722bfce 100644 --- a/src/openvpn/push.c +++ b/src/openvpn/push.c @@ -42,6 +42,8 @@ static char push_reply_cmd[] = "PUSH_REPLY"; +#define INFOMSG_MAN ">INFOMSG:" + /* * Auth username/password * @@ -243,8 +245,8 @@ * We use >INFOMSG here instead of plain >INFO since INFO is used to * for management greeting and we don't want to confuse the client */ -struct buffer out = alloc_buf_gc(256, ); -buf_printf(, ">%s:%s", "INFOMSG", m); +struct buffer out = alloc_buf_gc(strlen(INFOMSG_MAN) + BLEN(), ); +buf_printf(, "%s%s", INFOMSG_MAN, m); management_notify_generic(management, BSTR()); gc_free(); -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/327?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: release/2.6 Gerrit-Change-Id: I2139b62117ba69d643b585d2610e8aef15f71d3e Gerrit-Change-Number: 327 Gerrit-PatchSet: 2 Gerrit-Owner: stipa Gerrit-Reviewer: flichtenheld Gerrit-CC: openvpn-devel Gerrit-Attention: flichtenheld Gerrit-Attention: stipa Gerrit-MessageType: newpatchset ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [XS] Change in openvpn[release/2.6]: Support for long INFO/INFO_PRE messages
Attention is currently required from: flichtenheld. Hello flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/327?usp=email to review the following change. Change subject: Support for long INFO/INFO_PRE messages .. Support for long INFO/INFO_PRE messages Current hardcoded limit is not defined anywhere and the server (CloudConnexa) sends the longer string in some cases. Change-Id: I2139b62117ba69d643b585d2610e8aef15f71d3e Signed-off-by: Lev Stipakov --- M src/openvpn/push.c 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/27/327/1 diff --git a/src/openvpn/push.c b/src/openvpn/push.c index d468211..663cfbd 100644 --- a/src/openvpn/push.c +++ b/src/openvpn/push.c @@ -243,7 +243,7 @@ * We use >INFOMSG here instead of plain >INFO since INFO is used to * for management greeting and we don't want to confuse the client */ -struct buffer out = alloc_buf_gc(256, ); +struct buffer out = alloc_buf_gc(1 + 7 + 1 + BLEN() + 1, ); buf_printf(, ">%s:%s", "INFOMSG", m); management_notify_generic(management, BSTR()); -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/327?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: release/2.6 Gerrit-Change-Id: I2139b62117ba69d643b585d2610e8aef15f71d3e Gerrit-Change-Number: 327 Gerrit-PatchSet: 1 Gerrit-Owner: stipa Gerrit-Reviewer: flichtenheld Gerrit-CC: openvpn-devel Gerrit-Attention: flichtenheld Gerrit-MessageType: newchange ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [M] Change in openvpn[release/2.6]: Set WINS servers via interactice service
Attention is currently required from: cron2, flichtenheld, ordex, plaisthos, selvanair. stipa has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/321?usp=email ) Change subject: Set WINS servers via interactice service .. Patch Set 3: (1 comment) File include/openvpn-msg.h: http://gerrit.openvpn.net/c/openvpn/+/321/comment/14635399_26d4dd36 : PS3, Line 45: msg_del_wins_cfg > A general comment/question: wasn't the existing (unused) "msg_add_nbt_cfg" > etc meant for adding wins […] Not sure. There is also unused nbt_cfg_message_t but at present it cannot be used to pass more than two addresses and has other members which will be unused if we are to implement passing WINS addresses only. I was thinking to remove those unused pieces but probably not it this commit. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/321?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: release/2.6 Gerrit-Change-Id: I47c22dcb728011dcedaae47cd03a57219e9c7607 Gerrit-Change-Number: 321 Gerrit-PatchSet: 3 Gerrit-Owner: stipa Gerrit-Reviewer: cron2 Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: ordex Gerrit-Reviewer: plaisthos Gerrit-Reviewer: selvanair Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: cron2 Gerrit-Attention: flichtenheld Gerrit-Attention: ordex Gerrit-Attention: selvanair Gerrit-Comment-Date: Tue, 01 Aug 2023 06:26:29 + Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: selvanair Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [XL] Change in openvpn[release/2.6]: add basic CMake based build
stipa has abandoned this change. ( http://gerrit.openvpn.net/c/openvpn/+/322?usp=email ) Change subject: add basic CMake based build .. Abandoned Submitted by mistake -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/322?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: release/2.6 Gerrit-Change-Id: I666314a223d324ca72dbe7ba7d22f764996d3ca2 Gerrit-Change-Number: 322 Gerrit-PatchSet: 1 Gerrit-Owner: stipa Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-MessageType: abandon ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [M] Change in openvpn[release/2.6]: Set WINS servers via interactice service
Attention is currently required from: cron2, flichtenheld, ordex, plaisthos, selvanair. stipa has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/321?usp=email ) Change subject: Set WINS servers via interactice service .. Patch Set 3: (3 comments) File src/openvpnserv/interactive.c: http://gerrit.openvpn.net/c/openvpn/+/321/comment/0b804f50_4d9c1022 : PS1, Line 1089: * @param action "delete" or "add" > Right. I copypasted it from DNS version which uses add. Done http://gerrit.openvpn.net/c/openvpn/+/321/comment/8542b98a_e7eb2982 : PS1, Line 1094: * if action = "set" then "static" is added before $addr > Good point. […] Done http://gerrit.openvpn.net/c/openvpn/+/321/comment/7183cc1d_59f0330f : PS1, Line 1436: if (msg->addr_len > 0) > Should not matter here, copypaste from similar DNS function. But I can change > it. Done -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/321?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: release/2.6 Gerrit-Change-Id: I47c22dcb728011dcedaae47cd03a57219e9c7607 Gerrit-Change-Number: 321 Gerrit-PatchSet: 3 Gerrit-Owner: stipa Gerrit-Reviewer: cron2 Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: ordex Gerrit-Reviewer: plaisthos Gerrit-Reviewer: selvanair Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: cron2 Gerrit-Attention: flichtenheld Gerrit-Attention: ordex Gerrit-Attention: selvanair Gerrit-Comment-Date: Mon, 31 Jul 2023 11:30:27 + Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: flichtenheld Comment-In-Reply-To: stipa Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [M] Change in openvpn[release/2.6]: Set WINS servers via interactice service
Attention is currently required from: cron2, flichtenheld, ordex, plaisthos, selvanair. stipa has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/321?usp=email ) Change subject: Set WINS servers via interactice service .. Patch Set 3: (4 comments) File src/openvpnserv/interactive.c: http://gerrit.openvpn.net/c/openvpn/+/321/comment/6605e8bb_4222a8d1 : PS1, Line 1089: * @param action "delete" or "add" > This says "add" but the rest of the function seems to use "set". […] Right. I copypasted it from DNS version which uses add. http://gerrit.openvpn.net/c/openvpn/+/321/comment/b9b566c1_c7e3b460 : PS1, Line 1094: * if action = "set" then "static" is added before $addr > Why are you using "set" here? The documentation (https://learn.microsoft. […] Good point. The reason I use "set" is because I checked the logs of current implementation which uses "set". Idea of multiple WINS servers slipped from my mind. I checked the code and we use "set + static" for the first server and "set" for the rest, if any. Will to the same here. http://gerrit.openvpn.net/c/openvpn/+/321/comment/bf8912f9_5365fe44 : PS1, Line 1406: if (addr_len > 0 || msg->header.type == msg_del_wins_cfg) > Is there ever a case where this would be false? Normally no, but this request comes from unprivileged userspace process, which we probably do not want to trust. http://gerrit.openvpn.net/c/openvpn/+/321/comment/0b1bcdb1_cc02227e : PS1, Line 1436: if (msg->addr_len > 0) > Nitpick: Should be addr_len, not msg->addr_len Should not matter here, copypaste from similar DNS function. But I can change it. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/321?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: release/2.6 Gerrit-Change-Id: I47c22dcb728011dcedaae47cd03a57219e9c7607 Gerrit-Change-Number: 321 Gerrit-PatchSet: 3 Gerrit-Owner: stipa Gerrit-Reviewer: cron2 Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: ordex Gerrit-Reviewer: plaisthos Gerrit-Reviewer: selvanair Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: cron2 Gerrit-Attention: flichtenheld Gerrit-Attention: ordex Gerrit-Attention: selvanair Gerrit-Comment-Date: Mon, 31 Jul 2023 11:28:31 + Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: flichtenheld Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [XL] Change in openvpn[release/2.6]: add basic CMake based build
Attention is currently required from: flichtenheld, plaisthos.
stipa has uploaded this change for review. (
http://gerrit.openvpn.net/c/openvpn/+/322?usp=email )
Change subject: add basic CMake based build
..
add basic CMake based build
This helps with IDE integration among other things.
This is a basic implementation for development purposes
that can't replace any of the existing release builds.
Change-Id: I666314a223d324ca72dbe7ba7d22f764996d3ca2
Signed-off-by: Arne Schwabe
Signed-off-by: Frank Lichtenheld
---
A CMakeLists.txt
A config.h.cmake.in
M src/openvpn/lzo.h
3 files changed, 1,091 insertions(+), 1 deletion(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/22/322/1
diff --git a/CMakeLists.txt b/CMakeLists.txt
new file mode 100644
index 000..9978ea4
--- /dev/null
+++ b/CMakeLists.txt
@@ -0,0 +1,591 @@
+ cmake_minimum_required(VERSION 3.3)
+project(openvpn)
+
+# This CMake file implements building OpenVPN with CMAKE
+#
+# Note that this is *NOT* the official way to build openvpn on anything
+# other than Windows/mingw despite working on other platforms too. You will
need
+# to add -DUNSUPPORTED_BUILDS=true to build on non Windows platforms.
+#
+# This cmake also makes a few assertions like lzo, lz4 being used
+# and OpenSSL having version 1.1.1+ and generally does not offer the same
+# configurability like autoconf
+
+#
-DCMAKE_TOOLCHAIN_FILE=C:/Users/User/source/repos/vcpkg/scripts/buildsystems/vcpkg.cmake
+#-DVCPKG_OVERLAY_PORTS=C:/Users/User/source/repos/openvpn/contrib/vcpkg-ports
+#-GNinja
+
+option(UNSUPPORTED_BUILDS "Allow unsupported builds" OFF)
+
+if (NOT WIN32 AND NOT ${UNSUPPORTED_BUILDS})
+message(FATAL_ERROR "Note: on Unix platform the official and supported
build method is using autoconfig. CMake based build should be only used for
Windows and internal testing/development.")
+endif()
+
+option(MBED "BUILD with mbed" OFF)
+option(WOLFSSL "BUILD with wolfSSL" OFF)
+if (MSVC)
+option(USE_WERROR "Treat compiler warnings as errors (-Werror)" OFF)
+else ()
+option(USE_WERROR "Treat compiler warnings as errors (-Werror)" ON)
+endif ()
+option(PLUGIN_DIR "Location of the plugin directory"
/usr/local/lib/openvpn/plugins)
+
+# AddressSanitize - use CXX=clang++ CC=clang cmake -DCMAKE_BUILD_TYPE=asan to
build with ASAN
+set(CMAKE_C_FLAGS_ASAN
+"-fsanitize=address,undefined -fno-sanitize-recover=all
-fno-optimize-sibling-calls -fsanitize-address-use-after-scope
-fno-omit-frame-pointer -g -O1"
+CACHE STRING "Flags used by the C compiler during AddressSanitizer
builds."
+FORCE)
+set(CMAKE_CXX_FLAGS_ASAN
+"-fsanitize=address,undefined -fno-sanitize-recover=all
-fno-optimize-sibling-calls -fsanitize-address-use-after-scope
-fno-omit-frame-pointer -g -O1"
+CACHE STRING "Flags used by the C++ compiler during AddressSanitizer
builds."
+FORCE)
+
+if (MSVC)
+target_compile_options(${target} PRIVATE /W3)
+else ()
+add_compile_options(-Wall -Wuninitialized)
+# We are not ready for this
+#add_compile_options(-Wsign-compare)
+endif ()
+
+find_package(PkgConfig)
+INCLUDE(CheckSymbolExists)
+INCLUDE(CheckIncludeFiles)
+INCLUDE(CheckTypeSize)
+INCLUDE(CheckStructHasMember)
+
+set(OPENVPN_VERSION_MAJOR 2)
+set(OPENVPN_VERSION_MINOR 6)
+set(OPENVPN_VERSION_PATCH _git)
+
+if (NOT WIN32)
+add_definitions(-DPLUGIN_LIBDIR=\"${PLUGIN_DIR}\")
+endif ()
+
+# TODO remove later when msvc-config.h is removed and we can always include
config.h
+add_definitions(-DHAVE_CONFIG_H)
+
+
+# Set the various defines for config.h.cmake.in
+if (${CMAKE_SYSTEM_NAME} STREQUAL "Linux")
+set(TARGET_LINUX YES)
+set(ENABLE_ASYNC_PUSH YES)
+set(ENABLE_LINUXDCO YES)
+set(ENABLE_SITNL YES)
+set(HAVE_DECL_SO_MARK YES)
+set(ENABLE_FEATURE_TUN_PERSIST 1)
+set(HAVE_LINUX_TYPES_H 1)
+set(ENABLE_DCO YES)
+set(HAVE_CMSGHDR YES)
+elseif (${CMAKE_SYSTEM_NAME} STREQUAL "FreeBSD")
+set(TARGET_FREEBSD YES)
+set(ENABLE_DCO YES)
+link_libraries(-lnv)
+elseif (WIN32)
+set(ENABLE_DCO YES)
+elseif (APPLE)
+set(TARGET_DARWIN YES)
+set(HAVE_NET_IF_UTUN_H YES)
+endif ()
+
+if (UNIX)
+set(PATH_SEPARATOR /)
+set(ENABLE_PORT_SHARE YES)
+set(HAVE_SA_FAMILY_T YES)
+elseif (WIN32)
+set(PATH_SEPARATOR )
+set(TARGET_WIN32 YES)
+endif ()
+
+CHECK_SYMBOL_EXISTS(chroot unistd.h HAVE_CHROOT)
+CHECK_SYMBOL_EXISTS(chdir unistd.h HAVE_CHDIR)
+CHECK_SYMBOL_EXISTS(dup unistd.h HAVE_DUP)
+CHECK_SYMBOL_EXISTS(dup2 unistd.h HAVE_DUP2)
+CHECK_SYMBOL_EXISTS(fork unistd.h HAVE_FORK)
+CHECK_SYMBOL_EXISTS(execve unistd.h HAVE_EXECVE)
+CHECK_SYMBOL_EXISTS(ftruncate unistd.h HAVE_FTRUNCATE)
+CHECK_SYMBOL_EXISTS(setgid unistd.h HAVE_SETGID)
+CHECK_SYMBOL_EXISTS(setuid unistd.h HAVE_SETUID)
+CHECK_SYMBOL_EXISTS(getpeereid unistd.h HAVE_GETPEEREID)
+
+CHECK_SYMBOL_EXISTS(epoll_create sys/epoll.h HAVE_EPOLL_CREATE)
+
[Openvpn-devel] [M] Change in openvpn[release/2.6]: Set WINS servers via interactice service
Attention is currently required from: cron2, ordex, plaisthos, selvanair, stipa.
Hello cron2, flichtenheld, ordex, plaisthos, selvanair,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/321?usp=email
to look at the new patch set (#2).
Change subject: Set WINS servers via interactice service
..
Set WINS servers via interactice service
At the moments WINS servers are set either:
- via DHCP, which works only for tap-windows6 driver
- via netsh when running without interactice service
This means that in 2.6 default setup (interactive service and dco)
WINS is silently ignored.
Add WINS support for non-DHCP drivers (like dco) by passing
WINS settings to interactive service and set them there with
netsh call, similar approach as we use for setting DNS.
Fixes https://github.com/OpenVPN/openvpn/issues/373
Change-Id: I47c22dcb728011dcedaae47cd03a57219e9c7607
Signed-off-by: Lev Stipakov
---
M include/openvpn-msg.h
M src/openvpn/tun.c
M src/openvpnserv/interactive.c
3 files changed, 226 insertions(+), 1 deletion(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/21/321/2
diff --git a/include/openvpn-msg.h b/include/openvpn-msg.h
index 8cd2631..a1464cd 100644
--- a/include/openvpn-msg.h
+++ b/include/openvpn-msg.h
@@ -40,7 +40,9 @@
msg_register_dns,
msg_enable_dhcp,
msg_register_ring_buffers,
-msg_set_mtu
+msg_set_mtu,
+msg_add_wins_cfg,
+msg_del_wins_cfg
} message_type_t;
typedef struct {
@@ -89,6 +91,13 @@
typedef struct {
message_header_t header;
interface_t iface;
+int addr_len;
+inet_address_t addr[4]; /* support up to 4 dns addresses */
+} wins_cfg_message_t;
+
+typedef struct {
+message_header_t header;
+interface_t iface;
int disable_nbt;
int nbt_type;
char scope_id[256];
diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index 4ef390a..f5c698c 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -282,6 +282,72 @@
}
static bool
+do_wins_service(bool add, const struct tuntap *tt)
+{
+bool ret = false;
+ack_message_t ack;
+struct gc_arena gc = gc_new();
+HANDLE pipe = tt->options.msg_channel;
+int len = tt->options.wins_len;
+int addr_len = add ? len : 0;
+
+if (addr_len == 0 && add) /* no addresses to add */
+{
+return true;
+}
+
+wins_cfg_message_t wins = {
+.header = {
+(add ? msg_add_wins_cfg : msg_del_wins_cfg),
+sizeof(wins_cfg_message_t),
+0
+},
+.iface = {.index = tt->adapter_index, .name = "" },
+.addr_len = addr_len
+};
+
+/* interface name is required */
+strncpy(wins.iface.name, tt->actual_name, sizeof(wins.iface.name));
+wins.iface.name[sizeof(wins.iface.name) - 1] = '\0';
+
+if (addr_len > _countof(wins.addr))
+{
+addr_len = _countof(wins.addr);
+wins.addr_len = addr_len;
+msg(M_WARN, "Number of WINS addresses sent to service truncated to %d",
+addr_len);
+}
+
+for (int i = 0; i < addr_len; ++i)
+{
+wins.addr[i].ipv4.s_addr = htonl(tt->options.wins[i]);
+}
+
+msg(D_LOW, "%s WINS servers on '%s' (if_index = %d) using service",
+(add ? "Setting" : "Deleting"), wins.iface.name, wins.iface.index);
+
+if (!send_msg_iservice(pipe, , sizeof(wins), , "TUN"))
+{
+goto out;
+}
+
+if (ack.error_number != NO_ERROR)
+{
+msg(M_WARN, "TUN: %s WINS failed using service: %s [status=%u
if_name=%s]",
+(add ? "adding" : "deleting"), strerror_win32(ack.error_number,
),
+ack.error_number, wins.iface.name);
+goto out;
+}
+
+msg(M_INFO, "WINS servers %s using service", (add ? "set" : "deleted"));
+ret = true;
+
+out:
+gc_free();
+return ret;
+}
+
+static bool
do_set_mtu_service(const struct tuntap *tt, const short family, const int mtu)
{
bool ret = false;
@@ -1557,6 +1623,7 @@
do_address_service(true, AF_INET, tt);
do_dns_service(true, AF_INET, tt);
do_dns_domain_service(true, tt);
+do_wins_service(true, tt);
}
else
{
@@ -6979,6 +7046,7 @@
}
else if (tt->options.msg_channel)
{
+do_wins_service(false, tt);
do_dns_domain_service(false, tt);
do_dns_service(false, AF_INET, tt);
do_address_service(false, AF_INET, tt);
diff --git a/src/openvpnserv/interactive.c b/src/openvpnserv/interactive.c
index d73cef0..a47db8a 100644
--- a/src/openvpnserv/interactive.c
+++ b/src/openvpnserv/interactive.c
@@ -93,6 +93,7 @@
undo_dns6,
undo_domain,
undo_ring_buffer,
+undo_wins,
_undo_type_max
} undo_type_t;
typedef list_item_t *undo_lists_t[_undo_type_max];
@@ -1084,6 +1085,63 @@
}
/**
+ * Run the command: netsh interface ip $action wins $if_name [static] $addr
[Openvpn-devel] [M] Change in openvpn[release/2.6]: Set WINS servers via interactice service
Attention is currently required from: flichtenheld.
Hello flichtenheld,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/321?usp=email
to review the following change.
Change subject: Set WINS servers via interactice service
..
Set WINS servers via interactice service
At the moments WINS servers are set either:
- via DHCP, which works only for tap-windows6 driver
- via netsh when running without interactice service
This means that in 2.6 default setup (interactive service and dco)
WINS is silently ignored.
Add WINS support for non-DHCP drivers (like dco) by passing
WINS settings to interactive service and set them there with
netsh call, similar approach as we use for setting DNS.
Fixes https://github.com/OpenVPN/openvpn/issues/373
Change-Id: I47c22dcb728011dcedaae47cd03a57219e9c7607
Signed-off-by: Lev Stipakov
---
M include/openvpn-msg.h
M src/openvpn/tun.c
M src/openvpnserv/interactive.c
3 files changed, 240 insertions(+), 1 deletion(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/21/321/1
diff --git a/include/openvpn-msg.h b/include/openvpn-msg.h
index 8cd2631..a1464cd 100644
--- a/include/openvpn-msg.h
+++ b/include/openvpn-msg.h
@@ -40,7 +40,9 @@
msg_register_dns,
msg_enable_dhcp,
msg_register_ring_buffers,
-msg_set_mtu
+msg_set_mtu,
+msg_add_wins_cfg,
+msg_del_wins_cfg
} message_type_t;
typedef struct {
@@ -89,6 +91,13 @@
typedef struct {
message_header_t header;
interface_t iface;
+int addr_len;
+inet_address_t addr[4]; /* support up to 4 dns addresses */
+} wins_cfg_message_t;
+
+typedef struct {
+message_header_t header;
+interface_t iface;
int disable_nbt;
int nbt_type;
char scope_id[256];
diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index af959bb..1f2539d 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -282,6 +282,72 @@
}
static bool
+do_wins_service(bool add, const struct tuntap *tt)
+{
+bool ret = false;
+ack_message_t ack;
+struct gc_arena gc = gc_new();
+HANDLE pipe = tt->options.msg_channel;
+int len = tt->options.wins_len;
+int addr_len = add ? len : 0;
+
+if (addr_len == 0 && add) /* no addresses to add */
+{
+return true;
+}
+
+wins_cfg_message_t wins = {
+.header = {
+(add ? msg_add_wins_cfg : msg_del_wins_cfg),
+sizeof(wins_cfg_message_t),
+0
+},
+.iface = {.index = tt->adapter_index, .name = "" },
+.addr_len = addr_len
+};
+
+/* interface name is required */
+strncpy(wins.iface.name, tt->actual_name, sizeof(wins.iface.name));
+wins.iface.name[sizeof(wins.iface.name) - 1] = '\0';
+
+if (addr_len > _countof(wins.addr))
+{
+addr_len = _countof(wins.addr);
+wins.addr_len = addr_len;
+msg(M_WARN, "Number of WINS addresses sent to service truncated to %d",
+addr_len);
+}
+
+for (int i = 0; i < addr_len; ++i)
+{
+wins.addr[i].ipv4.s_addr = htonl(tt->options.wins[i]);
+}
+
+msg(D_LOW, "%s WINS servers on '%s' (if_index = %d) using service",
+(add ? "Setting" : "Deleting"), wins.iface.name, wins.iface.index);
+
+if (!send_msg_iservice(pipe, , sizeof(wins), , "TUN"))
+{
+goto out;
+}
+
+if (ack.error_number != NO_ERROR)
+{
+msg(M_WARN, "TUN: %s WINS failed using service: %s [status=%u
if_name=%s]",
+(add ? "adding" : "deleting"), strerror_win32(ack.error_number,
),
+ack.error_number, wins.iface.name);
+goto out;
+}
+
+msg(M_INFO, "WINS servers %s using service", (add ? "set" : "deleted"));
+ret = true;
+
+out:
+gc_free();
+return ret;
+}
+
+static bool
do_set_mtu_service(const struct tuntap *tt, const short family, const int mtu)
{
bool ret = false;
@@ -1557,6 +1623,7 @@
do_address_service(true, AF_INET, tt);
do_dns_service(true, AF_INET, tt);
do_dns_domain_service(true, tt);
+do_wins_service(true, tt);
}
else
{
@@ -6979,6 +7046,7 @@
}
else if (tt->options.msg_channel)
{
+do_wins_service(false, tt);
do_dns_domain_service(false, tt);
do_dns_service(false, AF_INET, tt);
do_address_service(false, AF_INET, tt);
diff --git a/src/openvpnserv/interactive.c b/src/openvpnserv/interactive.c
index d73cef0..6c54e62 100644
--- a/src/openvpnserv/interactive.c
+++ b/src/openvpnserv/interactive.c
@@ -93,6 +93,7 @@
undo_dns6,
undo_domain,
undo_ring_buffer,
+undo_wins,
_undo_type_max
} undo_type_t;
typedef list_item_t *undo_lists_t[_undo_type_max];
@@ -1084,6 +1085,63 @@
}
/**
+ * Run the command: netsh interface ip $action wins $if_name [static] $addr
+ * @param action "delete" or "add"
+ * @param if_name
[Openvpn-devel] [XL] Change in openvpn[release/2.6]: Remove all traces of the previous MSVC build system
Attention is currently required from: flichtenheld. stipa has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/316?usp=email ) Change subject: Remove all traces of the previous MSVC build system .. Patch Set 1: Code-Review+2 -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/316?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: release/2.6 Gerrit-Change-Id: I807cffa40f18faa1adec4e15e84c032877a2b92e Gerrit-Change-Number: 316 Gerrit-PatchSet: 1 Gerrit-Owner: flichtenheld Gerrit-Reviewer: stipa Gerrit-CC: openvpn-devel Gerrit-Attention: flichtenheld Gerrit-Comment-Date: Mon, 24 Jul 2023 12:56:30 + Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [XL] Change in openvpn[release/2.6]: CMake: backport CMake buildsystem from master to release/2.6
Attention is currently required from: flichtenheld. stipa has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/315?usp=email ) Change subject: CMake: backport CMake buildsystem from master to release/2.6 .. Patch Set 1: Code-Review+2 -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/315?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: release/2.6 Gerrit-Change-Id: I6de18261d5dc7f8561612184059656c73f33a5f2 Gerrit-Change-Number: 315 Gerrit-PatchSet: 1 Gerrit-Owner: flichtenheld Gerrit-Reviewer: stipa Gerrit-CC: openvpn-devel Gerrit-Attention: flichtenheld Gerrit-Comment-Date: Mon, 24 Jul 2023 12:52:49 + Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [XL] Change in openvpn[release/2.6]: CMake: backport CMake buildsystem from master to release/2.6
Attention is currently required from: flichtenheld. stipa has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/315?usp=email ) Change subject: CMake: backport CMake buildsystem from master to release/2.6 .. Patch Set 1: (1 comment) File CMakeLists.txt: http://gerrit.openvpn.net/c/openvpn/+/315/comment/a88d6de4_30bc577d : PS1, Line 294: # TODO remove later when msvc-config.h is removed and we can always include config.h This comment seems to be outdated, since we got rid of config-msvc.h -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/315?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: release/2.6 Gerrit-Change-Id: I6de18261d5dc7f8561612184059656c73f33a5f2 Gerrit-Change-Number: 315 Gerrit-PatchSet: 1 Gerrit-Owner: flichtenheld Gerrit-CC: openvpn-devel Gerrit-CC: stipa Gerrit-Attention: flichtenheld Gerrit-Comment-Date: Mon, 24 Jul 2023 12:48:53 + Gerrit-HasComments: Yes Gerrit-Has-Labels: No Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[release/2.6]: Print DCO client stats on SIGUSR2
stipa has uploaded this change for review. (
http://gerrit.openvpn.net/c/openvpn/+/202?usp=email )
Change subject: Print DCO client stats on SIGUSR2
..
Print DCO client stats on SIGUSR2
Change-Id: I465febdf7ee5fe573e88255844f718efb60f8e8a
Signed-off-by: Lev Stipakov
Acked-by: Gert Doering
Message-Id: <20230322113249.2039-1-lstipa...@gmail.com>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26471.html
Signed-off-by: Gert Doering
(cherry picked from commit d5238627e4fab93a6c09816c60eb90e237b626c3)
---
M src/openvpn/sig.c
M src/openvpn/sig.h
2 files changed, 10 insertions(+), 5 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/02/202/2
diff --git a/src/openvpn/sig.c b/src/openvpn/sig.c
index 5b89bb4..05c0054 100644
--- a/src/openvpn/sig.c
+++ b/src/openvpn/sig.c
@@ -300,18 +300,23 @@
* Triggered by SIGUSR2 or F2 on Windows.
*/
void
-print_status(const struct context *c, struct status_output *so)
+print_status(struct context *c, struct status_output *so)
{
struct gc_arena gc = gc_new();
status_reset(so);
+if (dco_enabled(>options))
+{
+dco_get_peer_stats(c);
+}
+
status_printf(so, "OpenVPN STATISTICS");
status_printf(so, "Updated,%s", time_string(0, 0, false, ));
status_printf(so, "TUN/TAP read bytes," counter_format,
c->c2.tun_read_bytes);
status_printf(so, "TUN/TAP write bytes," counter_format,
c->c2.tun_write_bytes);
-status_printf(so, "TCP/UDP read bytes," counter_format,
c->c2.link_read_bytes);
-status_printf(so, "TCP/UDP write bytes," counter_format,
c->c2.link_write_bytes);
+status_printf(so, "TCP/UDP read bytes," counter_format,
c->c2.link_read_bytes + c->c2.dco_read_bytes);
+status_printf(so, "TCP/UDP write bytes," counter_format,
c->c2.link_write_bytes + c->c2.dco_write_bytes);
status_printf(so, "Auth read bytes," counter_format,
c->c2.link_read_bytes_auth);
#ifdef USE_COMP
if (c->c2.comp_context)
@@ -402,7 +407,7 @@
}
static void
-process_sigusr2(const struct context *c)
+process_sigusr2(struct context *c)
{
struct status_output *so = status_open(NULL, 0, M_INFO, NULL, 0);
print_status(c, so);
diff --git a/src/openvpn/sig.h b/src/openvpn/sig.h
index 4858eb9..b09dfab 100644
--- a/src/openvpn/sig.h
+++ b/src/openvpn/sig.h
@@ -69,7 +69,7 @@
void print_signal(const struct signal_info *si, const char *title, int
msglevel);
-void print_status(const struct context *c, struct status_output *so);
+void print_status(struct context *c, struct status_output *so);
void remap_signal(struct context *c);
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/202?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: release/2.6
Gerrit-Change-Id: I465febdf7ee5fe573e88255844f718efb60f8e8a
Gerrit-Change-Number: 202
Gerrit-PatchSet: 2
Gerrit-Owner: stipa
Gerrit-Reviewer: cron2
Gerrit-Reviewer: d12fk
Gerrit-Reviewer: flichtenheld
Gerrit-Reviewer: ordex
Gerrit-Reviewer: plaisthos
Gerrit-CC: openvpn-devel
Gerrit-MessageType: newchange
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [XS] Change in openvpn[release/2.6]: Fix '--inactive 0' behavior for DCO
stipa has uploaded this change for review. (
http://gerrit.openvpn.net/c/openvpn/+/201?usp=email )
Change subject: Fix '--inactive 0' behavior for DCO
..
Fix '--inactive 0' behavior for DCO
Make sure we exit if is 0 (not set) and no traffic
was produced.
According to man page and non-DCO --inactive implementation,
we exit if amount of bytes produced is less than specified.
DCO implementation will do off-by-ones, but we consider it as okay
since we don't want to complicate code to handle both bytes=0 and >0
cases.
Change-Id: I4c089e486728a43bfe42596787c00355838311da
Signed-off-by: Lev Stipakov
Acked-by: Gert Doering
Message-Id: <20230322113408.2057-1-lstipa...@gmail.com>
URL:
https://www.mail-archive.com/search?l=mid=20230322113408.2057-1-lstipa...@gmail.com
Signed-off-by: Gert Doering
(cherry picked from commit 6c64b46b15476351ca19f9a8f3cb8185aa2c7e07)
---
M src/openvpn/forward.c
1 file changed, 1 insertion(+), 1 deletion(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/01/201/2
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index 28a96f9..b3e0ba5 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -481,7 +481,7 @@
int64_t tot_bytes = c->c2.tun_read_bytes + c->c2.tun_write_bytes;
int64_t new_bytes = tot_bytes - c->c2.inactivity_bytes;
-if (new_bytes >= c->options.inactivity_minimum_bytes)
+if (new_bytes > c->options.inactivity_minimum_bytes)
{
c->c2.inactivity_bytes = tot_bytes;
event_timeout_reset(>c2.inactivity_interval);
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/201?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: release/2.6
Gerrit-Change-Id: I4c089e486728a43bfe42596787c00355838311da
Gerrit-Change-Number: 201
Gerrit-PatchSet: 2
Gerrit-Owner: stipa
Gerrit-Reviewer: cron2
Gerrit-Reviewer: d12fk
Gerrit-Reviewer: flichtenheld
Gerrit-Reviewer: ordex
Gerrit-Reviewer: plaisthos
Gerrit-CC: openvpn-devel
Gerrit-MessageType: newchange
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
