On 16/08/18 13:37, Gert Doering wrote: [...snip...] I do see the arguments on both sides here. And in particular where these warnings halts the compilation (which I think I read some where that newer GCC compilers would do by default). But ... Gert asks a few reasonable questions
> Anyway. Trying to understand the logic here - PLUGIN_DEF_AUTH is always > defined if ENABLE_DEF_AUTH is set, which seems to be the default setting. > > So, questions > > - is there actually some benefit in --disable-def-auth? code size, > performance, platform compatibility? > > - why do we have it in the first place? I tend to say no. ENABLE_DEF_AUTH is about deferred authentication. This has been enabled by default for so long, that I hardly think it would be an issue killing the possibility to turn off this feature. All it essentially does is to allow plug-ins to return OPENVPN_PLUGIN_FUNC_DEFERRED instead of OPENVPN_PLUGIN_FUNC_ERROR or OPENVPN_PLUGIN_FUNC_SUCCESS. This feature will also improve the authentication performance by not locking up other connected clients if the authentication backend is slow *and* implements support for deferred authentication. So there is a performance gain for authentication plugins making use of this feature. Otherwise, I do not expect much performance difference. > - can we get rid of it? I am definitely leaning towards "Yes!". This does grow the resulting binary by some bytes (I don't know how much; haven't checked), as it adds code which prepares a file the plug-in will use to write the final verdict of the authentication; plus the code paths related to polling this file the core OpenVPN process. If the If the code grows enough to validate the need for this macro, I am not so sure of. The only users I would expect might do builds with --disable-def-auth are the builds for embedded devices. But I don't know how much of a concern this is any more; this feature shouldn't double or half the size of the resulting code. There is also a related ./configure option: --enable-async-push. This adds inotify support, which reworks the polling model to be a notification based push model instead (iirc). But this I think makes sense to have as it is today for the time being. We might want to consider flipping it to be enabled by default, though. -- kind regards, David Sommerseth OpenVPN Inc
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
