[Openvpn-devel] [S] Change in openvpn[master]: t_client.sh: conditionally skip ifconfig+route check
Attention is currently required from: flichtenheld, plaisthos. Hello plaisthos, flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/768?usp=email to review the following change. Change subject: t_client.sh: conditionally skip ifconfig+route check .. t_client.sh: conditionally skip ifconfig+route check For --dev null or --dev-type af_unix:lwipopenvn tests, there will be no visible change to ifconfig or route output, so tests will fail ("how can this be?"). Set EXPECT_IFCONFIG4_=- to skip this check. (Simply leaving both EXPECT_IFCONFIG* vars empty and using that as trigger would interfere with the magic from commit df0b00c25) Change-Id: Iec1953415afb53755488dd44407568e72d28e854 Signed-off-by: Gert Doering --- M tests/t_client.sh.in 1 file changed, 11 insertions(+), 6 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/68/768/1 diff --git a/tests/t_client.sh.in b/tests/t_client.sh.in index f6654dd..3b9209d 100755 --- a/tests/t_client.sh.in +++ b/tests/t_client.sh.in @@ -225,6 +225,7 @@ expect_list="$@" if [ -z "$expect_list" ] ; then return ; fi +if [ "$expect_list" = "-" ] ; then return ; fi for expect in $expect_list do 
@@ -404,13 +405,17 @@ output "save ifconfig+route" get_ifconfig_route >$LOGDIR/$SUF:ifconfig_route.txt -output -n "compare pre-openvpn ifconfig+route with current values..." -if diff $LOGDIR/$SUF:ifconfig_route_pre.txt \ - $LOGDIR/$SUF:ifconfig_route.txt >/dev/null -then - fail "no differences between ifconfig/route before OpenVPN start and now." +if [ "$expect_ifconfig4" == "-" ] ; then +output "skip ifconfig+route check" else - output " OK!\n" + output -n "compare pre-openvpn ifconfig+route with current values..." + if diff $LOGDIR/$SUF:ifconfig_route_pre.txt \ + $LOGDIR/$SUF:ifconfig_route.txt >/dev/null + then + fail "no differences between ifconfig/route before OpenVPN start and now." + else + output " OK!\n" + fi fi # post init script needed? -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/768?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Iec1953415afb53755488dd44407568e72d28e854 Gerrit-Change-Number: 768 Gerrit-PatchSet: 1 Gerrit-Owner: cron2 Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: flichtenheld Gerrit-MessageType: newchange ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
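Review bot: the `-` sentinel tested by `if [ "$expect_list" = "-" ] ; then return ; fi` in the @@ -225 hunk is explained only in the commit message. A short comment next to the check would tell a reader of the script that `-` means "skip this check on purpose", as opposed to the empty list handled on the line above it.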
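Review bot: in the @@ -404 hunk the new test `[ "$expect_ifconfig4" == "-" ]` uses `==`, which POSIX `test` does not define, while the check added in the @@ -225 hunk uses `=`. Use `=` here as well so the skip does not depend on the shell accepting `==` inside `[ ]`; on a shell that rejects it the test errors out and the script falls through to the `else` branch, running the very comparison this change is meant to skip.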
[Openvpn-devel] [M] Change in openvpn[master]: pass link_socket object to i/o functions
ordex has abandoned this change. ( http://gerrit.openvpn.net/c/openvpn/+/431?usp=email ) Change subject: pass link_socket object to i/o functions .. Abandoned -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/431?usp=email Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Id2e06723003a78ee237f0542aa1ab0cb3734e37b Gerrit-Change-Number: 431 Gerrit-PatchSet: 1 Gerrit-Owner: ordex Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-MessageType: abandon
[Openvpn-devel] [L] Change in openvpn[master]: io_work: convert shift argument to uintptr_t
ordex has abandoned this change. ( http://gerrit.openvpn.net/c/openvpn/+/432?usp=email ) Change subject: io_work: convert shift argument to uintptr_t .. Abandoned -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/432?usp=email Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Id5c50dc754837ddb9a9414d8f38982f75e99bace Gerrit-Change-Number: 432 Gerrit-PatchSet: 1 Gerrit-Owner: ordex Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-MessageType: abandon
[Openvpn-devel] [XL] Change in openvpn[master]: multiproto: move generic event handling code in dedicated files
ordex has abandoned this change. ( http://gerrit.openvpn.net/c/openvpn/+/441?usp=email ) Change subject: multiproto: move generic event handling code in dedicated files .. Abandoned -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/441?usp=email Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Id2d7957f5950115d9baade4c09fd9679b01f749b Gerrit-Change-Number: 441 Gerrit-PatchSet: 1 Gerrit-Owner: ordex Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-MessageType: abandon
[Openvpn-devel] [S] Change in openvpn[master]: if a local IPv6 address is provided, socket must be v6-only
ordex has abandoned this change. ( http://gerrit.openvpn.net/c/openvpn/+/435?usp=email ) Change subject: if a local IPv6 address is provided, socket must be v6-only .. Abandoned -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/435?usp=email Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I7a3349c7de4202b5eb2f576e3f8a82a9af6f7f31 Gerrit-Change-Number: 435 Gerrit-PatchSet: 1 Gerrit-Owner: ordex Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-MessageType: abandon
[Openvpn-devel] [M] Change in openvpn[master]: allow user to specify 'local' multiple times in config files
Attention is currently required from: flichtenheld, plaisthos. ordex has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/436?usp=email ) Change subject: allow user to specify 'local' multiple times in config files .. Set Ready For Review -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/436?usp=email Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I4d1c96662c5a8c750d883e3b20adde09529e2764 Gerrit-Change-Number: 436 Gerrit-PatchSet: 2 Gerrit-Owner: ordex Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: flichtenheld Gerrit-Comment-Date: Tue, 24 Sep 2024 20:43:29 + Gerrit-HasComments: No Gerrit-Has-Labels: No Gerrit-MessageType: comment
[Openvpn-devel] [S] Change in openvpn[master]: io_work: pass event_arg object to event handler in case of socket event
ordex has abandoned this change. ( http://gerrit.openvpn.net/c/openvpn/+/433?usp=email ) Change subject: io_work: pass event_arg object to event handler in case of socket event .. Abandoned -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/433?usp=email Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I5899081c69bf1aa654d20e607fcdbd589140d474 Gerrit-Change-Number: 433 Gerrit-PatchSet: 1 Gerrit-Owner: ordex Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-MessageType: abandon
[Openvpn-devel] [S] Change in openvpn[master]: override ai_family if 'local' numeric address was specified
ordex has abandoned this change. ( http://gerrit.openvpn.net/c/openvpn/+/437?usp=email ) Change subject: override ai_family if 'local' numeric address was specified .. Abandoned -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/437?usp=email Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I8c9ec61af9e786ec284e756ec3a77a959c79f49b Gerrit-Change-Number: 437 Gerrit-PatchSet: 1 Gerrit-Owner: ordex Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-MessageType: abandon
[Openvpn-devel] [L] Change in openvpn[master]: Bind to multiple ipv4/ipv6 addresses
ordex has abandoned this change. ( http://gerrit.openvpn.net/c/openvpn/+/438?usp=email ) Change subject: Bind to multiple ipv4/ipv6 addresses .. Abandoned -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/438?usp=email Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ia122d5cdc42c2969eef6f32f438e30b52652721f Gerrit-Change-Number: 438 Gerrit-PatchSet: 1 Gerrit-Owner: ordex Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-MessageType: abandon
[Openvpn-devel] [M] Change in openvpn[master]: event/multi: add event_arg object to make event handling more generic
ordex has abandoned this change. ( http://gerrit.openvpn.net/c/openvpn/+/430?usp=email ) Change subject: event/multi: add event_arg object to make event handling more generic .. Abandoned -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/430?usp=email Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: If11e901c26fc5aafdcfd59a214d70c6e6a548f40 Gerrit-Change-Number: 430 Gerrit-PatchSet: 1 Gerrit-Owner: ordex Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-MessageType: abandon
[Openvpn-devel] [L] Change in openvpn[master]: allow tcp/udp server to listen on multiple ports at the same time
Attention is currently required from: flichtenheld, plaisthos. ordex has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/434?usp=email ) Change subject: allow tcp/udp server to listen on multiple ports at the same time .. Set Ready For Review -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/434?usp=email Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ia0a889e800f0b36aed770ee36e31afeec5df6084 Gerrit-Change-Number: 434 Gerrit-PatchSet: 2 Gerrit-Owner: ordex Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: flichtenheld Gerrit-Comment-Date: Tue, 24 Sep 2024 20:43:00 + Gerrit-HasComments: No Gerrit-Has-Labels: No Gerrit-MessageType: comment
[Openvpn-devel] [L] Change in openvpn[master]: Using the same wait function for both TCP and UDP
ordex has abandoned this change. ( http://gerrit.openvpn.net/c/openvpn/+/440?usp=email ) Change subject: Using the same wait function for both TCP and UDP .. Abandoned -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/440?usp=email Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I81ec69d12abc9a661875c93c7f1bd97e525df55f Gerrit-Change-Number: 440 Gerrit-PatchSet: 1 Gerrit-Owner: ordex Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-MessageType: abandon
[Openvpn-devel] [PATCH applied] Re: Change dev null to be a driver type instead of a special mode of tun/tap
This is just basic refactoring, making future work on special-case hacks like "--dev null" or "af_unix" more streamlined. No functional change expected or seen. The change to tun.c looks huge but is mostly re-indenting after getting rid of the DEV_TYPE_NULL condition (-> git show -w) in open_tun_generic(), and also moving the check from all the open_tun() to open_tun_backend(). As with the previous patch, unwrapped the "offload". Your patch has been applied to the master branch. commit 8fe14fea935d6c2591649353eb7daf4977585b03 Author: Arne Schwabe Date: Tue Sep 24 14:43:28 2024 +0200 Change dev null to be a driver type instead of a special mode of tun/tap Signed-off-by: Arne Schwabe Acked-by: Gert Doering Message-Id: <20240924124328.3037-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29384.html Signed-off-by: Gert Doering -- kind regards, Gert Doering
[Openvpn-devel] [M] Change in openvpn[master]: Change dev null to be a driver type instead of a special mode of tun/tap
cron2 has uploaded a new patch set (#12) to the change originally created by plaisthos. ( http://gerrit.openvpn.net/c/openvpn/+/748?usp=email ) The following approvals got outdated and were removed: Code-Review+2 by cron2 Change subject: Change dev null to be a driver type instead of a special mode of tun/tap .. Change dev null to be a driver type instead of a special mode of tun/tap Change-Id: I5987ebb7c38ab176eed7efc004ea54f606a77a12 Signed-off-by: Arne Schwabe Acked-by: Gert Doering Message-Id: <20240924124328.3037-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29384.html Signed-off-by: Gert Doering --- M src/openvpn/dco.c M src/openvpn/init.c M src/openvpn/proto.h M src/openvpn/tun.c M src/openvpn/tun.h 5 files changed, 92 insertions(+), 113 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/48/748/12 diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c index 161126b..38f934a 100644 --- a/src/openvpn/dco.c +++ b/src/openvpn/dco.c @@ -305,6 +305,12 @@ return false; } +if (is_dev_type(o->dev, o->dev_type, "null")) +{ +msg(msglevel, "Note: null tun type selected, disabling data channel offload"); +return false; +} + if (o->connection_list) { const struct connection_list *l = o->connection_list; diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 1a14e19..fbf2c5b 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -1764,6 +1764,10 @@ /* Using AF_UNIX trumps using DCO */ c->c1.tuntap->backend_driver = DRIVER_AFUNIX; } +else if (is_dev_type(c->options.dev, c->options.dev_type, "null")) +{ +c->c1.tuntap->backend_driver = DRIVER_NULL; +} #ifdef _WIN32 else { @@ -1858,7 +1862,12 @@ open_tun_backend(struct context *c) { struct tuntap *tt = c->c1.tuntap; -if (tt->backend_driver == DRIVER_AFUNIX) + +if (tt->backend_driver == DRIVER_NULL) +{ +open_tun_null(c->c1.tuntap); +} +else if (tt->backend_driver == DRIVER_AFUNIX) { open_tun_afunix(&c->options, c->c2.frame.tun_mtu, tt, c->c2.es); } 
@@ -2059,6 +2068,11 @@ { close_tun_afunix(c->c1.tuntap); } +else if (c->c1.tuntap->backend_driver == DRIVER_NULL) +{ +free(c->c1.tuntap->actual_name); +free(c->c1.tuntap); +} else { close_tun(c->c1.tuntap, &c->net_ctx); diff --git a/src/openvpn/proto.h b/src/openvpn/proto.h index 4b6d6d6..a160fb6 100644 --- a/src/openvpn/proto.h +++ b/src/openvpn/proto.h @@ -33,7 +33,6 @@ * Tunnel types */ #define DEV_TYPE_UNDEF 0 -#define DEV_TYPE_NULL 1 #define DEV_TYPE_TUN 2/* point-to-point IP tunnel */ #define DEV_TYPE_TAP 3/* ethernet (802.3) tunnel */ diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index b305b64..770e806 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -75,6 +75,9 @@ case DRIVER_AFUNIX: return "unix"; +case DRIVER_NULL: +return "null"; + case DRIVER_UTUN: return "utun"; @@ -463,7 +466,9 @@ int dev_type_enum(const char *dev, const char *dev_type) { -if (is_dev_type(dev, dev_type, "tun")) +/* We pretend that the null device is also a tun device but it does not + * really matter as it will discard everything anyway */ +if (is_dev_type(dev, dev_type, "tun") || is_dev_type(dev, dev_type, "null")) { return DEV_TYPE_TUN; } @@ -471,10 +476,6 @@ { return DEV_TYPE_TAP; } -else if (is_dev_type(dev, dev_type, "null")) -{ -return DEV_TYPE_NULL; -} else { return DEV_TYPE_UNDEF; @@ -492,9 +493,6 @@ case DEV_TYPE_TAP: return "tap"; -case DEV_TYPE_NULL: -return "null"; - default: return "[unknown-dev-type]"; } @@ -768,8 +766,7 @@ bool tun_p2p = false; if (tt->type == DEV_TYPE_TAP -|| (tt->type == DEV_TYPE_TUN && tt->topology == TOP_SUBNET) -|| tt->type == DEV_TYPE_NULL) +|| (tt->type == DEV_TYPE_TUN && tt->topology == TOP_SUBNET)) { tun_p2p = false; } @@ -780,7 +777,6 @@ else { msg(M_FATAL, "Error: problem with tun vs. tap setting"); /* JYFIXME -- needs to be caught earlier, in init_tun? */ - } return tun_p2p; } 
@@ -1748,7 +1744,7 @@ void undo_ifconfig(struct tuntap *tt, openvpn_net_ctx_t *ctx) { -if (tt->type != DEV_TYPE_NULL) +if (tt->backend_driver != DRIVER_NULL) { if (tt->did_ifconfig_setup) { @@ -1779,13 +1775,6 @@ #endif } -static void -open_null(struct tuntap *tt) -{ -tt->actual_name = string_alloc("null", NULL); -} - - #if defined (TARGET_OPENBSD) || (defined(TARGET_DARWIN) && HAVE_NET_IF_UTUN_H) /* @@
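Review bot: in the tun.c @@ -768 hunk, dropping `|| tt->type == DEV_TYPE_NULL` changes which branch a null device takes. `dev_type_enum()` now returns DEV_TYPE_TUN for "null", so `tun_p2p = false` is reached only when `tt->topology == TOP_SUBNET`, where before it was reached for every null device. If that is intended, state it in the commit message; otherwise test `tt->backend_driver == DRIVER_NULL` in this condition so the previous result is kept.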
[Openvpn-devel] [M] Change in openvpn[master]: Change dev null to be a driver type instead of a special mode of tun/tap
cron2 has submitted this change. ( http://gerrit.openvpn.net/c/openvpn/+/748?usp=email ) Change subject: Change dev null to be a driver type instead of a special mode of tun/tap .. Change dev null to be a driver type instead of a special mode of tun/tap Change-Id: I5987ebb7c38ab176eed7efc004ea54f606a77a12 Signed-off-by: Arne Schwabe Acked-by: Gert Doering Message-Id: <20240924124328.3037-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29384.html Signed-off-by: Gert Doering --- M src/openvpn/dco.c M src/openvpn/init.c M src/openvpn/proto.h M src/openvpn/tun.c M src/openvpn/tun.h 5 files changed, 92 insertions(+), 113 deletions(-) diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c index 161126b..38f934a 100644 --- a/src/openvpn/dco.c +++ b/src/openvpn/dco.c @@ -305,6 +305,12 @@ return false; } +if (is_dev_type(o->dev, o->dev_type, "null")) +{ +msg(msglevel, "Note: null tun type selected, disabling data channel offload"); +return false; +} + if (o->connection_list) { const struct connection_list *l = o->connection_list; diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 1a14e19..fbf2c5b 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -1764,6 +1764,10 @@ /* Using AF_UNIX trumps using DCO */ c->c1.tuntap->backend_driver = DRIVER_AFUNIX; } +else if (is_dev_type(c->options.dev, c->options.dev_type, "null")) +{ +c->c1.tuntap->backend_driver = DRIVER_NULL; +} #ifdef _WIN32 else { @@ -1858,7 +1862,12 @@ open_tun_backend(struct context *c) { struct tuntap *tt = c->c1.tuntap; -if (tt->backend_driver == DRIVER_AFUNIX) + +if (tt->backend_driver == DRIVER_NULL) +{ +open_tun_null(c->c1.tuntap); +} +else if (tt->backend_driver == DRIVER_AFUNIX) { open_tun_afunix(&c->options, c->c2.frame.tun_mtu, tt, c->c2.es); } 
@@ -2059,6 +2068,11 @@ { close_tun_afunix(c->c1.tuntap); } +else if (c->c1.tuntap->backend_driver == DRIVER_NULL) +{ +free(c->c1.tuntap->actual_name); +free(c->c1.tuntap); +} else { close_tun(c->c1.tuntap, &c->net_ctx); diff --git a/src/openvpn/proto.h b/src/openvpn/proto.h index 4b6d6d6..a160fb6 100644 --- a/src/openvpn/proto.h +++ b/src/openvpn/proto.h @@ -33,7 +33,6 @@ * Tunnel types */ #define DEV_TYPE_UNDEF 0 -#define DEV_TYPE_NULL 1 #define DEV_TYPE_TUN 2/* point-to-point IP tunnel */ #define DEV_TYPE_TAP 3/* ethernet (802.3) tunnel */ diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index b305b64..770e806 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -75,6 +75,9 @@ case DRIVER_AFUNIX: return "unix"; +case DRIVER_NULL: +return "null"; + case DRIVER_UTUN: return "utun"; @@ -463,7 +466,9 @@ int dev_type_enum(const char *dev, const char *dev_type) { -if (is_dev_type(dev, dev_type, "tun")) +/* We pretend that the null device is also a tun device but it does not + * really matter as it will discard everything anyway */ +if (is_dev_type(dev, dev_type, "tun") || is_dev_type(dev, dev_type, "null")) { return DEV_TYPE_TUN; } @@ -471,10 +476,6 @@ { return DEV_TYPE_TAP; } -else if (is_dev_type(dev, dev_type, "null")) -{ -return DEV_TYPE_NULL; -} else { return DEV_TYPE_UNDEF; @@ -492,9 +493,6 @@ case DEV_TYPE_TAP: return "tap"; -case DEV_TYPE_NULL: -return "null"; - default: return "[unknown-dev-type]"; } @@ -768,8 +766,7 @@ bool tun_p2p = false; if (tt->type == DEV_TYPE_TAP -|| (tt->type == DEV_TYPE_TUN && tt->topology == TOP_SUBNET) -|| tt->type == DEV_TYPE_NULL) +|| (tt->type == DEV_TYPE_TUN && tt->topology == TOP_SUBNET)) { tun_p2p = false; } @@ -780,7 +777,6 @@ else { msg(M_FATAL, "Error: problem with tun vs. tap setting"); /* JYFIXME -- needs to be caught earlier, in init_tun? */ - } return tun_p2p; } 
@@ -1748,7 +1744,7 @@ void undo_ifconfig(struct tuntap *tt, openvpn_net_ctx_t *ctx) { -if (tt->type != DEV_TYPE_NULL) +if (tt->backend_driver != DRIVER_NULL) { if (tt->did_ifconfig_setup) { @@ -1779,13 +1775,6 @@ #endif } -static void -open_null(struct tuntap *tt) -{ -tt->actual_name = string_alloc("null", NULL); -} - - #if defined (TARGET_OPENBSD) || (defined(TARGET_DARWIN) && HAVE_NET_IF_UTUN_H) /* @@ -1901,78 +1890,72 @@ char dynamic_name[256]; bool dynamic_opened = false; -if (tt->type == DEV_TYPE_NULL) +/* + * --dev-node specified, so open an explicit device node + */ +if
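Review bot: in the init.c @@ -2059 hunk the DRIVER_NULL branch open-codes `free(c->c1.tuntap->actual_name); free(c->c1.tuntap);`, while opening goes through `open_tun_null()` and the AF_UNIX branch directly above calls `close_tun_afunix()`. A matching `close_tun_null()` helper would keep the open/close pairs symmetric and keep the knowledge of what the null backend allocates in one place, which makes a later leak or double free easier to spot.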
[Openvpn-devel] [PATCH applied] Re: Use print_tun_backend_driver instead of custom code to print type
Straightforward code simplification and generalization. Your patch has been applied to the master branch. commit 193b4f9dd0b09379c0f8f2be0613a1405bbdac8a Author: Arne Schwabe Date: Tue Sep 24 14:55:13 2024 +0200 Use print_tun_backend_driver instead of custom code to print type Signed-off-by: Arne Schwabe Acked-by: Gert Doering Message-Id: <20240924125513.10710-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29386.html Signed-off-by: Gert Doering -- kind regards, Gert Doering
[Openvpn-devel] [S] Change in openvpn[master]: Use print_tun_backend_driver instead of custom code to print type
cron2 has uploaded a new patch set (#12) to the change originally created by plaisthos. ( http://gerrit.openvpn.net/c/openvpn/+/749?usp=email ) The following approvals got outdated and were removed: Code-Review+2 by cron2 Change subject: Use print_tun_backend_driver instead of custom code to print type .. Use print_tun_backend_driver instead of custom code to print type Also show the device type that we opened always instead of certain conditions only. Change-Id: Ib8f12516dbe294e21d3fed77478fb7660d4600c1 Signed-off-by: Arne Schwabe Acked-by: Gert Doering Message-Id: <20240924125513.10710-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29386.html Signed-off-by: Gert Doering --- M src/openvpn/init.c M src/openvpn/tun.c M src/openvpn/tun.h 3 files changed, 8 insertions(+), 5 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/49/749/12 diff --git a/src/openvpn/init.c b/src/openvpn/init.c index fbf2c5b..cd9203a 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -1876,6 +1876,7 @@ open_tun(c->options.dev, c->options.dev_type, c->options.dev_node, tt, &c->net_ctx); } +msg(M_INFO, "%s device [%s] opened", print_tun_backend_driver(tt->backend_driver), tt->actual_name); } @@ -2056,7 +2057,7 @@ do_close_tun_simple(struct context *c) { msg(D_CLOSE, "Closing %s interface", -dco_enabled(&c->options) ? "DCO" : "TUN/TAP"); +print_tun_backend_driver(c->c1.tuntap->backend_driver)); if (c->c1.tuntap) { diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index 770e806..206ddc0 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -6678,7 +6678,6 @@ * GUID using the registry */ tt->actual_name = string_alloc((const char *)actual_buffer, NULL); -msg(M_INFO, "%s device [%s] opened", print_tun_backend_driver(tt->backend_driver), tt->actual_name); tt->adapter_index = get_adapter_index(*device_guid); } diff --git a/src/openvpn/tun.h b/src/openvpn/tun.h index b2c1b01..329cd10 100644 --- a/src/openvpn/tun.h 
+++ b/src/openvpn/tun.h @@ -361,6 +361,12 @@ void warn_on_use_of_common_subnets(openvpn_net_ctx_t *ctx); +/** + * Return a string representation of the tun backed driver type + */ +const char * +print_tun_backend_driver(enum tun_driver_type driver); + /* * Should ifconfig be called before or after * tun dev open? @@ -689,9 +695,6 @@ return tuntap_is_dco_win(tt) && (status < 0) && (openvpn_errno() == ERROR_NETNAME_DELETED); } -const char * -print_tun_backend_driver(enum tun_driver_type driver); - #else /* ifdef _WIN32 */ static inline bool -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/749?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ib8f12516dbe294e21d3fed77478fb7660d4600c1 Gerrit-Change-Number: 749 Gerrit-PatchSet: 12 Gerrit-Owner: plaisthos Gerrit-Reviewer: cron2 Gerrit-Reviewer: flichtenheld Gerrit-CC: openvpn-devel Gerrit-MessageType: newpatchset ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
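Review bot: in the init.c @@ -2056 hunk, `print_tun_backend_driver(c->c1.tuntap->backend_driver)` dereferences `c->c1.tuntap` one statement before the existing `if (c->c1.tuntap)` check, so the log call can crash in exactly the case that check guards against; the replaced `dco_enabled(&c->options)` expression did not touch the pointer. Move the `msg(D_CLOSE, ...)` call inside the `if (c->c1.tuntap)` block, or choose a fallback string when the pointer is NULL.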
[Openvpn-devel] [S] Change in openvpn[master]: Use print_tun_backend_driver instead of custom code to print type
cron2 has submitted this change. ( http://gerrit.openvpn.net/c/openvpn/+/749?usp=email ) Change subject: Use print_tun_backend_driver instead of custom code to print type .. Use print_tun_backend_driver instead of custom code to print type Also show the device type that we opened always instead of certain conditions only. Change-Id: Ib8f12516dbe294e21d3fed77478fb7660d4600c1 Signed-off-by: Arne Schwabe Acked-by: Gert Doering Message-Id: <20240924125513.10710-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29386.html Signed-off-by: Gert Doering --- M src/openvpn/init.c M src/openvpn/tun.c M src/openvpn/tun.h 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/src/openvpn/init.c b/src/openvpn/init.c index fbf2c5b..cd9203a 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -1876,6 +1876,7 @@ open_tun(c->options.dev, c->options.dev_type, c->options.dev_node, tt, &c->net_ctx); } +msg(M_INFO, "%s device [%s] opened", print_tun_backend_driver(tt->backend_driver), tt->actual_name); } @@ -2056,7 +2057,7 @@ do_close_tun_simple(struct context *c) { msg(D_CLOSE, "Closing %s interface", -dco_enabled(&c->options) ? "DCO" : "TUN/TAP"); +print_tun_backend_driver(c->c1.tuntap->backend_driver)); if (c->c1.tuntap) { diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index 770e806..206ddc0 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -6678,7 +6678,6 @@ * GUID using the registry */ tt->actual_name = string_alloc((const char *)actual_buffer, NULL); -msg(M_INFO, "%s device [%s] opened", print_tun_backend_driver(tt->backend_driver), tt->actual_name); tt->adapter_index = get_adapter_index(*device_guid); } diff --git a/src/openvpn/tun.h b/src/openvpn/tun.h index b2c1b01..329cd10 100644 --- a/src/openvpn/tun.h +++ b/src/openvpn/tun.h 
@@ -361,6 +361,12 @@ void warn_on_use_of_common_subnets(openvpn_net_ctx_t *ctx); +/** + * Return a string representation of the tun backed driver type + */ +const char * +print_tun_backend_driver(enum tun_driver_type driver); + /* * Should ifconfig be called before or after * tun dev open? @@ -689,9 +695,6 @@ return tuntap_is_dco_win(tt) && (status < 0) && (openvpn_errno() == ERROR_NETNAME_DELETED); } -const char * -print_tun_backend_driver(enum tun_driver_type driver); - #else /* ifdef _WIN32 */ static inline bool -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/749?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ib8f12516dbe294e21d3fed77478fb7660d4600c1 Gerrit-Change-Number: 749 Gerrit-PatchSet: 12 Gerrit-Owner: plaisthos Gerrit-Reviewer: cron2 Gerrit-Reviewer: flichtenheld Gerrit-CC: openvpn-devel Gerrit-MessageType: merged ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
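Review bot: in the tun.h @@ -361 hunk the new doc comment reads "tun backed driver type"; it should say "tun backend driver type", matching the name of `print_tun_backend_driver()` and of the `backend_driver` field.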
[Openvpn-devel] [PATCH v11] Automatically enable ifconfig-exec/route-exec behaviour for afunix tun/tap
From: Arne Schwabe Change-Id: I0a2957699757665d70514ba7cafe833443018ad6 Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/750 This mail reflects revision 11 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering diff --git a/src/openvpn/init.c b/src/openvpn/init.c index cd9203a..876edad 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -1679,6 +1679,18 @@ #endif /* ifdef ENABLE_MANAGEMENT */ } +/** + * Determine if external route commands should be executed based on + * configured options and backend driver + */ +static bool +route_noexec_enabled(const struct options *o, const struct tuntap *tt) +{ +return o->route_noexec + || (tt && tt->backend_driver == DRIVER_AFUNIX) + || (tt && tt->backend_driver == DRIVER_NULL); +} + /* * Possibly add routes and/or call route-up script * based on options. @@ -1693,7 +1705,7 @@ openvpn_net_ctx_t *ctx) { bool ret = true; -if (!options->route_noexec && ( route_list || route_ipv6_list ) ) +if (!route_noexec_enabled(options, tt) && ( route_list || route_ipv6_list ) ) { ret = add_routes(route_list, route_ipv6_list, tt, ROUTE_OPTION_FLAGS(options), es, ctx); @@ -1858,6 +1870,19 @@ #endif } +/** + * Determines if ifconfig execution should be disabled because of a + * @param c + * @return + */ +static bool +ifconfig_noexec_enabled(const struct context *c) +{ +return c->options.ifconfig_noexec + || (c->c1.tuntap && c->c1.tuntap->backend_driver == DRIVER_AFUNIX) + || (c->c1.tuntap && c->c1.tuntap->backend_driver == DRIVER_NULL); +} + static void open_tun_backend(struct context *c) { @@ -1937,7 +1962,7 @@ } /* do ifconfig */ -if (!c->options.ifconfig_noexec +if (!ifconfig_noexec_enabled(c) && ifconfig_order(c->c1.tuntap) == IFCONFIG_BEFORE_TUN_OPEN) { /* guess actual tun/tap unit number that will be returned 
@@ -1978,7 +2003,7 @@ } /* do ifconfig */ -if (!c->options.ifconfig_noexec +if (!ifconfig_noexec_enabled(c) && ifconfig_order(c->c1.tuntap) == IFCONFIG_AFTER_TUN_OPEN) { do_ifconfig(c->c1.tuntap, c->c1.tuntap->actual_name, @@ -2061,7 +2086,7 @@ if (c->c1.tuntap) { -if (!c->options.ifconfig_noexec) +if (!ifconfig_noexec_enabled(c)) { undo_ifconfig(c->c1.tuntap, &c->net_ctx); } diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index 206ddc0..85fe01a 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -1744,7 +1744,7 @@ void undo_ifconfig(struct tuntap *tt, openvpn_net_ctx_t *ctx) { -if (tt->backend_driver != DRIVER_NULL) +if (tt->backend_driver != DRIVER_NULL && tt->backend_driver != DRIVER_AFUNIX) { if (tt->did_ifconfig_setup) { ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
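Review bot: in the init.c @@ -1679 hunk the comment on `route_noexec_enabled()` says it determines "if external route commands should be executed", but the function returns true when they must not be executed (`o->route_noexec` set, or a DRIVER_AFUNIX or DRIVER_NULL backend). Reword the comment to match the return value, for example "Determine if execution of external route commands is disabled by the configured options or the backend driver".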
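Review bot: in the init.c @@ -1858 hunk the doc comment for `ifconfig_noexec_enabled()` stops mid-sentence ("should be disabled because of a") and leaves `@param c` and `@return` empty. Finish the sentence with the two conditions the code tests (the `ifconfig_noexec` option and the AF_UNIX/null backend drivers) and describe the parameter and return value, or drop the empty tags.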
[Openvpn-devel] [L] Change in openvpn[master]: Introduce DRIVER_AFUNIX backend for use with lwipovpn
Attention is currently required from: cron2, flichtenheld. plaisthos has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/747?usp=email ) Change subject: Introduce DRIVER_AFUNIX backend for use with lwipovpn .. Patch Set 10: (7 comments) File src/openvpn/dco.c: http://gerrit.openvpn.net/c/openvpn/+/747/comment/dc90dae1_5d368c9f : PS10, Line 306: return false; > blank missing, and I would not wrap a single word Done File src/openvpn/forward.c: http://gerrit.openvpn.net/c/openvpn/+/747/comment/786d9bf0_01d92300 : PS10, Line 1325: c->c2.buf.len = tun_afunix_read(c->c1.tuntap, BPTR(&c->c2.buf), c->c2.frame.buf.payload_size); > the monk in me complains that `read_tun()` should be paired with > `read_tun_afunix()`... […] Done http://gerrit.openvpn.net/c/openvpn/+/747/comment/4985ee6c_466dd8db : PS10, Line 1939: size = tun_afunix_write(c->c1.tuntap, BPTR(&c->c2.to_tun), BLEN(&c->c2.to_tun)); > see above ;-) Done File src/openvpn/init.c: http://gerrit.openvpn.net/c/openvpn/+/747/comment/9d2a0551_4486932b : PS10, Line 2060: tun_afunix_close(c->c1.tuntap); > you are using `open_tun_afunix()` for `open_tun()`, so this really should be > `close_tun_afunix()` th […] Done File src/openvpn/run_command.h: http://gerrit.openvpn.net/c/openvpn/+/747/comment/128d3fd4_13147565 : PS10, Line 52: #define S_NOWAITPID (1<<3) > the indenting here looks like one is using tab, one is using spaces Done File src/openvpn/tun_afunix.c: http://gerrit.openvpn.net/c/openvpn/+/747/comment/56f93adc_cb7474df : PS10, Line 39: #if defined(AF_UNIX) && !defined(WIN32) > I do wonder if the conditional on `AF_UNIX` is really needed (here and > elsewhere). […] Done http://gerrit.openvpn.net/c/openvpn/+/747/comment/11503245_d6c4ddaf : PS10, Line 125: > should we `wait()`? Or are we handling SIGCHLD elsewhere? I am not sure that waiting is really needed. We could wait to ensure that the child really exits. We currently ignore SIGCHLD and that means that the process will just die. 
-- To view, visit http://gerrit.openvpn.net/c/openvpn/+/747?usp=email Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I65099ef00822d08fd3f5480c80892f3bf86c56e7 Gerrit-Change-Number: 747 Gerrit-PatchSet: 10 Gerrit-Owner: plaisthos Gerrit-Reviewer: cron2 Gerrit-Reviewer: flichtenheld Gerrit-CC: openvpn-devel Gerrit-Attention: cron2 Gerrit-Attention: flichtenheld Gerrit-Comment-Date: Tue, 24 Sep 2024 08:21:53 + Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: cron2 Gerrit-MessageType: comment
[Openvpn-devel] [L] Change in openvpn[master]: Introduce DRIVER_AFUNIX backend for use with lwipovpn
Attention is currently required from: cron2, flichtenheld. Hello cron2, flichtenheld, I'd like you to reexamine a change. Please visit http://gerrit.openvpn.net/c/openvpn/+/747?usp=email to look at the new patch set (#11). The following approvals got outdated and were removed: Code-Review-1 by cron2 Change subject: Introduce DRIVER_AFUNIX backend for use with lwipovpn .. Introduce DRIVER_AFUNIX backend for use with lwipovpn lwipovpn is a using lwip TCP/IP implementation with an AF_UNIX implementation to emulate a tun/tap device without messing with the TCP/IP stack of the host. For more information about lwipovpn see https://github.com/OpenVPN/lwipovpn Change-Id: I65099ef00822d08fd3f5480c80892f3bf86c56e7 Signed-off-by: Arne Schwabe --- M CMakeLists.txt M Changes.rst M doc/man-sections/vpn-network-options.rst M src/openvpn/Makefile.am M src/openvpn/dco.c M src/openvpn/forward.c M src/openvpn/init.c M src/openvpn/run_command.c M src/openvpn/run_command.h M src/openvpn/tun.c M src/openvpn/tun.h A src/openvpn/tun_afunix.c A src/openvpn/tun_afunix.h 13 files changed, 394 insertions(+), 16 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/47/747/11 diff --git a/CMakeLists.txt b/CMakeLists.txt index ad620fa..6271574 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -536,6 +536,8 @@ src/openvpn/tls_crypt.c src/openvpn/tun.c src/openvpn/tun.h +src/openvpn/tun_afunix.c +src/openvpn/tun_afunix.h src/openvpn/networking_sitnl.c src/openvpn/networking_freebsd.c src/openvpn/auth_token.c diff --git a/Changes.rst b/Changes.rst index 439352a..7d19577 100644 --- a/Changes.rst +++ b/Changes.rst 
@@ -9,6 +9,19 @@ the user experience as the client shows an error instead of running into a timeout when the server just stops responding completely. +Support for tun/tap via unix domain socket and lwipovpn support +To allow better testing and emulating a full client with a full +network stack OpenVPN now allows a program executed to provide +a tun/tap device instead of opening a device. + +The co-developed lwipovpn program based on lwIP stack allows to +simulate full IP stack and an OpenVPN client using +``--dev-node unix:/path/to/lwipovpn`` can emulate a full client that +can be pinged, can serve a website and more without requiring any +elevated permission. This can make testing OpenVPN much easier. + +For more details see [lwipovpn on Gihtub](https://github.com/OpenVPN/lwipovpn). + Deprecated features --- ``secret`` support has been removed by default. diff --git a/doc/man-sections/vpn-network-options.rst b/doc/man-sections/vpn-network-options.rst index 84d4273..fc76939 100644 --- a/doc/man-sections/vpn-network-options.rst +++ b/doc/man-sections/vpn-network-options.rst @@ -117,6 +117,16 @@ figure out whether ``node`` is a TUN or TAP device based on the name, you should also specify ``--dev-type tun`` or ``--dev-type tap``. + If ``node`` starts with the string ``unix:`` openvpn will treat the rest + of the argument as a program. + OpenVPN will start the program and create a temporary unix domain socket that + will be passed to the program together with the tun configuration as + environment variables. The temporary unix domain socket will be be passed + in the environment variable :code:`TUNTAP_SOCKET_FD`. + + This ``unix:`` mode is designed mainly to use with the lwipovpn network + emulator (https://github.com/OpenVPN/lwipovpn). + --dev-type device-type Which device type are we using? ``device-type`` should be :code:`tun` (OSI Layer 3) or :code:`tap` (OSI Layer 2). Use this option only if 
diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am index 3784a98..ecb2bcf 100644 --- a/src/openvpn/Makefile.am +++ b/src/openvpn/Makefile.am @@ -140,6 +140,7 @@ syshead.h \ tls_crypt.c tls_crypt.h \ tun.c tun.h \ + tun_afunix.c tun_afunix.h \ vlan.c vlan.h \ xkey_provider.c xkey_common.h \ xkey_helper.c \ diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c index 0df185e..ecef455 100644 --- a/src/openvpn/dco.c +++ b/src/openvpn/dco.c @@ -41,6 +41,7 @@ #include "ssl_common.h" #include "ssl_ncp.h" #include "tun.h" +#include "tun_afunix.h" #ifdef HAVE_LIBCAPNG #include @@ -298,6 +299,13 @@ return false; } +if (is_tun_afunix(o->dev_node)) +{ +msg(msglevel, "Note: afunix tun type selected, disabling data channel" +"offload"); +return false; +} + if (o->connection_list) { const struct connection_list *l = o->connection_list; diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index a88a4bb..6df01d1 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -41,6 +41,7 @@ #include "ssl_verify.h" #include "dco.h" #include "auth_token.h" +#include "tun_afun
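Review bot: in the src/openvpn/dco.c hunk the two string literals `"Note: afunix tun type selected, disabling data channel"` and `"offload"` are concatenated without a separating blank, so the logged message ends in "channeloffload". Add a trailing space to the first literal, or keep the message on one line instead of wrapping a single word.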
[Openvpn-devel] [M] Change in openvpn[master]: Change dev null to be a driver type instead of a special mode of tun/tap
Attention is currently required from: cron2, flichtenheld. Hello cron2, flichtenheld, I'd like you to reexamine a change. Please visit http://gerrit.openvpn.net/c/openvpn/+/748?usp=email to look at the new patch set (#11). The following approvals got outdated and were removed: Code-Review-1 by cron2 Change subject: Change dev null to be a driver type instead of a special mode of tun/tap .. Change dev null to be a driver type instead of a special mode of tun/tap Change-Id: I5987ebb7c38ab176eed7efc004ea54f606a77a12 Signed-off-by: Arne Schwabe --- M src/openvpn/dco.c M src/openvpn/init.c M src/openvpn/proto.h M src/openvpn/tun.c M src/openvpn/tun.h 5 files changed, 93 insertions(+), 113 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/48/748/11 diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c index ecef455..7864db3 100644 --- a/src/openvpn/dco.c +++ b/src/openvpn/dco.c @@ -306,6 +306,13 @@ return false; } +if (is_dev_type(o->dev, o->dev_type, "null")) +{ +msg(msglevel, "Note: null tun type selected, disabling data channel " +"offload"); +return false; +} + if (o->connection_list) { const struct connection_list *l = o->connection_list; diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 1a14e19..fbf2c5b 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -1764,6 +1764,10 @@ /* Using AF_UNIX trumps using DCO */ c->c1.tuntap->backend_driver = DRIVER_AFUNIX; } +else if (is_dev_type(c->options.dev, c->options.dev_type, "null")) +{ +c->c1.tuntap->backend_driver = DRIVER_NULL; +} #ifdef _WIN32 else { @@ -1858,7 +1862,12 @@ open_tun_backend(struct context *c) { struct tuntap *tt = c->c1.tuntap; -if (tt->backend_driver == DRIVER_AFUNIX) + +if (tt->backend_driver == DRIVER_NULL) +{ +open_tun_null(c->c1.tuntap); +} +else if (tt->backend_driver == DRIVER_AFUNIX) { open_tun_afunix(&c->options, c->c2.frame.tun_mtu, tt, c->c2.es); } 
@@ -2059,6 +2068,11 @@ { close_tun_afunix(c->c1.tuntap); } +else if (c->c1.tuntap->backend_driver == DRIVER_NULL) +{ +free(c->c1.tuntap->actual_name); +free(c->c1.tuntap); +} else { close_tun(c->c1.tuntap, &c->net_ctx); diff --git a/src/openvpn/proto.h b/src/openvpn/proto.h index 4b6d6d6..a160fb6 100644 --- a/src/openvpn/proto.h +++ b/src/openvpn/proto.h @@ -33,7 +33,6 @@ * Tunnel types */ #define DEV_TYPE_UNDEF 0 -#define DEV_TYPE_NULL 1 #define DEV_TYPE_TUN 2/* point-to-point IP tunnel */ #define DEV_TYPE_TAP 3/* ethernet (802.3) tunnel */ diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index b305b64..770e806 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -75,6 +75,9 @@ case DRIVER_AFUNIX: return "unix"; +case DRIVER_NULL: +return "null"; + case DRIVER_UTUN: return "utun"; @@ -463,7 +466,9 @@ int dev_type_enum(const char *dev, const char *dev_type) { -if (is_dev_type(dev, dev_type, "tun")) +/* We pretend that the null device is also a tun device but it does not + * really matter as it will discard everything anyway */ +if (is_dev_type(dev, dev_type, "tun") || is_dev_type(dev, dev_type, "null")) { return DEV_TYPE_TUN; } @@ -471,10 +476,6 @@ { return DEV_TYPE_TAP; } -else if (is_dev_type(dev, dev_type, "null")) -{ -return DEV_TYPE_NULL; -} else { return DEV_TYPE_UNDEF; @@ -492,9 +493,6 @@ case DEV_TYPE_TAP: return "tap"; -case DEV_TYPE_NULL: -return "null"; - default: return "[unknown-dev-type]"; } @@ -768,8 +766,7 @@ bool tun_p2p = false; if (tt->type == DEV_TYPE_TAP -|| (tt->type == DEV_TYPE_TUN && tt->topology == TOP_SUBNET) -|| tt->type == DEV_TYPE_NULL) +|| (tt->type == DEV_TYPE_TUN && tt->topology == TOP_SUBNET)) { tun_p2p = false; } @@ -780,7 +777,6 @@ else { msg(M_FATAL, "Error: problem with tun vs. tap setting"); /* JYFIXME -- needs to be caught earlier, in init_tun? */ - } return tun_p2p; } 
@@ -1748,7 +1744,7 @@ void undo_ifconfig(struct tuntap *tt, openvpn_net_ctx_t *ctx) { -if (tt->type != DEV_TYPE_NULL) +if (tt->backend_driver != DRIVER_NULL) { if (tt->did_ifconfig_setup) { @@ -1779,13 +1775,6 @@ #endif } -static void -open_null(struct tuntap *tt) -{ -tt->actual_name = string_alloc("null", NULL); -} - - #if defined (TARGET_OPENBSD) || (defined(TARGET_DARWIN) && HAVE_NET_IF_UTUN_H) /* @@ -1901,78 +1890,72 @@ char dynamic_name[256]; bool dynamic_opened = false; -if
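Review bot: in the @@ -2059 hunk of src/openvpn/init.c the DRIVER_NULL branch open-codes the teardown with `free(c->c1.tuntap->actual_name); free(c->c1.tuntap);`, while the open path calls `open_tun_null()` and the AFUNIX branch right above it calls `close_tun_afunix()`. A matching `close_tun_null()` helper would keep allocation and release of `actual_name` in one place and make it harder to introduce a leak or double free if the struct gains further owned members.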
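Review bot: dropping `|| tt->type == DEV_TYPE_NULL` from the first condition in the @@ -768 hunk of src/openvpn/tun.c changes behaviour for null devices. `dev_type_enum()` now reports them as DEV_TYPE_TUN, so they get `tun_p2p = false` only when the topology is TOP_SUBNET, where before it was unconditional. If that is intended, please say so in the commit message, which currently has no body; otherwise add a `tt->backend_driver == DRIVER_NULL` test to the condition.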
[Openvpn-devel] [S] Change in openvpn[master]: Automatically enable ifconfig-exec/route-exec behaviour for afunix tu...
Attention is currently required from: cron2, flichtenheld, plaisthos. Hello cron2, flichtenheld, I'd like you to reexamine a change. Please visit http://gerrit.openvpn.net/c/openvpn/+/750?usp=email to look at the new patch set (#11). The following approvals got outdated and were removed: Code-Review-1 by cron2 Change subject: Automatically enable ifconfig-exec/route-exec behaviour for afunix tun/tap .. Automatically enable ifconfig-exec/route-exec behaviour for afunix tun/tap Change-Id: I0a2957699757665d70514ba7cafe833443018ad6 Signed-off-by: Arne Schwabe --- M src/openvpn/init.c M src/openvpn/tun.c 2 files changed, 30 insertions(+), 5 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/50/750/11 diff --git a/src/openvpn/init.c b/src/openvpn/init.c index cd9203a..876edad 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -1679,6 +1679,18 @@ #endif /* ifdef ENABLE_MANAGEMENT */ } +/** + * Determine if external route commands should be executed based on + * configured options and backend driver + */ +static bool +route_noexec_enabled(const struct options *o, const struct tuntap *tt) +{ +return o->route_noexec + || (tt && tt->backend_driver == DRIVER_AFUNIX) + || (tt && tt->backend_driver == DRIVER_NULL); +} + /* * Possibly add routes and/or call route-up script * based on options. @@ -1693,7 +1705,7 @@ openvpn_net_ctx_t *ctx) { bool ret = true; -if (!options->route_noexec && ( route_list || route_ipv6_list ) ) +if (!route_noexec_enabled(options, tt) && ( route_list || route_ipv6_list ) ) { ret = add_routes(route_list, route_ipv6_list, tt, ROUTE_OPTION_FLAGS(options), es, ctx); 
@@ -1858,6 +1870,19 @@ #endif } +/** + * Determines if ifconfig execution should be disabled because of a + * @param c + * @return + */ +static bool +ifconfig_noexec_enabled(const struct context *c) +{ +return c->options.ifconfig_noexec + || (c->c1.tuntap && c->c1.tuntap->backend_driver == DRIVER_AFUNIX) + || (c->c1.tuntap && c->c1.tuntap->backend_driver == DRIVER_NULL); +} + static void open_tun_backend(struct context *c) { @@ -1937,7 +1962,7 @@ } /* do ifconfig */ -if (!c->options.ifconfig_noexec +if (!ifconfig_noexec_enabled(c) && ifconfig_order(c->c1.tuntap) == IFCONFIG_BEFORE_TUN_OPEN) { /* guess actual tun/tap unit number that will be returned @@ -1978,7 +2003,7 @@ } /* do ifconfig */ -if (!c->options.ifconfig_noexec +if (!ifconfig_noexec_enabled(c) && ifconfig_order(c->c1.tuntap) == IFCONFIG_AFTER_TUN_OPEN) { do_ifconfig(c->c1.tuntap, c->c1.tuntap->actual_name, @@ -2061,7 +2086,7 @@ if (c->c1.tuntap) { -if (!c->options.ifconfig_noexec) +if (!ifconfig_noexec_enabled(c)) { undo_ifconfig(c->c1.tuntap, &c->net_ctx); } diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index 206ddc0..85fe01a 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c 
@@ -1744,7 +1744,7 @@ void undo_ifconfig(struct tuntap *tt, openvpn_net_ctx_t *ctx) { -if (tt->backend_driver != DRIVER_NULL) +if (tt->backend_driver != DRIVER_NULL && tt->backend_driver != DRIVER_AFUNIX) { if (tt->did_ifconfig_setup) { -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/750?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I0a2957699757665d70514ba7cafe833443018ad6 Gerrit-Change-Number: 750 Gerrit-PatchSet: 11 Gerrit-Owner: plaisthos Gerrit-Reviewer: cron2 Gerrit-Reviewer: flichtenheld Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: cron2 Gerrit-Attention: flichtenheld Gerrit-MessageType: newpatchset ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
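Review bot: the comment on `route_noexec_enabled()` in the @@ -1679 hunk says it determines whether external route commands "should be executed", but the function returns true when they must be skipped (`o->route_noexec` set, or an AFUNIX or NULL backend), so the description reads inverted relative to the return value. Reword it along the lines of "Determine if execution of external route commands is disabled by options or by the backend driver". The two `tt &&` tests could also be folded into one `tt && (... || ...)` term.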
[Openvpn-devel] [S] Change in openvpn[master]: WIP print child exit code
Attention is currently required from: flichtenheld. Hello flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/767?usp=email to review the following change. Change subject: WIP print child exit code .. WIP print child exit code Change-Id: I188923efc0f72b2038f1470740415ce50d07580b Signed-off-by: Arne Schwabe --- M src/openvpn/tun_afunix.c 1 file changed, 30 insertions(+), 0 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/67/767/1 diff --git a/src/openvpn/tun_afunix.c b/src/openvpn/tun_afunix.c index a2d8552..e26e1d8 100644 --- a/src/openvpn/tun_afunix.c +++ b/src/openvpn/tun_afunix.c @@ -48,6 +48,31 @@ #include static void +child_handler(int sig) +{ +int status; +pid_t pid; + +/* XTEERMINAAATE! */ +while ((pid = waitpid(-1, &status, WNOHANG)) > 0) +{ +msg(M_INFO, "Child process PID %d died with status code %d", pid, status); +} +} + +static void +enable_signal_handler(void) +{ +/* Establish handler. */ +struct sigaction sa; +sigemptyset(&sa.sa_mask); +sa.sa_flags = 0; +sa.sa_handler = child_handler; + +sigaction(SIGCHLD, &sa, NULL); +} + +static void tun_afunix_exec_child(const char *dev_node, struct tuntap *tt, struct env_set *env) { struct argv argv = argv_new(); @@ -59,10 +84,13 @@ argv_printf(&argv, "%s", program); argv_msg(M_INFO, &argv); + +enable_signal_handler(); tt->afunix.childprocess = openvpn_execve_check(&argv, env, S_NOWAITPID, "ERROR: failure executing " "process for tun"); argv_free(&argv); + } void 
@@ -120,6 +148,8 @@ gc_free(&gc); } + + void close_tun_afunix(struct tuntap *tt) { -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/767?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I188923efc0f72b2038f1470740415ce50d07580b Gerrit-Change-Number: 767 Gerrit-PatchSet: 1 Gerrit-Owner: plaisthos Gerrit-Reviewer: flichtenheld Gerrit-CC: openvpn-devel Gerrit-Attention: flichtenheld Gerrit-MessageType: newchange ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
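Review bot: `child_handler()` in the @@ -48 hunk calls `msg()` from inside a SIGCHLD handler, and formatted logging is not async-signal-safe; the handler also does not save and restore `errno` around `waitpid()`. Consider recording only the pid and status in the handler and doing the logging from the main loop. The value printed is the raw wait status, so decode it with `WIFEXITED()`/`WEXITSTATUS()` and `WIFSIGNALED()`/`WTERMSIG()` before labelling it a "status code", and cast `pid` to match the `%d` format.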
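Review bot: `enable_signal_handler()` is called on every `tun_afunix_exec_child()` in the @@ -59 hunk and installs a process-wide SIGCHLD handler that reaps with `waitpid(-1, ...)`, so it collects every child of the process and not only the pid stored in `tt->afunix.childprocess`. Other code that waits for its own child can then find it already reaped; waiting on the stored pid would avoid that. The return value of `sigaction()` is not checked, and with `sa_flags = 0` interrupted system calls are not restarted, so `SA_RESTART` is worth considering. The blank lines added before the closing brace here and in the @@ -120 hunk look unintended.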
[Openvpn-devel] [S] Change in openvpn[master]: Use print_tun_backend_driver instead of custom code to print type
Attention is currently required from: flichtenheld, plaisthos. Hello cron2, flichtenheld, I'd like you to reexamine a change. Please visit http://gerrit.openvpn.net/c/openvpn/+/749?usp=email to look at the new patch set (#11). The change is no longer submittable: checks~ChecksSubmitRule is unsatisfied now. Change subject: Use print_tun_backend_driver instead of custom code to print type .. Use print_tun_backend_driver instead of custom code to print type Also show the device type that we opened always instead of certain conditions only. Change-Id: Ib8f12516dbe294e21d3fed77478fb7660d4600c1 Signed-off-by: Arne Schwabe --- M src/openvpn/init.c M src/openvpn/tun.c M src/openvpn/tun.h 3 files changed, 8 insertions(+), 5 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/49/749/11 diff --git a/src/openvpn/init.c b/src/openvpn/init.c index fbf2c5b..cd9203a 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -1876,6 +1876,7 @@ open_tun(c->options.dev, c->options.dev_type, c->options.dev_node, tt, &c->net_ctx); } +msg(M_INFO, "%s device [%s] opened", print_tun_backend_driver(tt->backend_driver), tt->actual_name); } @@ -2056,7 +2057,7 @@ do_close_tun_simple(struct context *c) { msg(D_CLOSE, "Closing %s interface", -dco_enabled(&c->options) ? "DCO" : "TUN/TAP"); +print_tun_backend_driver(c->c1.tuntap->backend_driver)); if (c->c1.tuntap) { diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index 770e806..206ddc0 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -6678,7 +6678,6 @@ * GUID using the registry */ tt->actual_name = string_alloc((const char *)actual_buffer, NULL); -msg(M_INFO, "%s device [%s] opened", print_tun_backend_driver(tt->backend_driver), tt->actual_name); tt->adapter_index = get_adapter_index(*device_guid); } diff --git a/src/openvpn/tun.h b/src/openvpn/tun.h index b2c1b01..329cd10 100644 --- a/src/openvpn/tun.h +++ b/src/openvpn/tun.h 
@@ -361,6 +361,12 @@ void warn_on_use_of_common_subnets(openvpn_net_ctx_t *ctx); +/** + * Return a string representation of the tun backed driver type + */ +const char * +print_tun_backend_driver(enum tun_driver_type driver); + /* * Should ifconfig be called before or after * tun dev open? @@ -689,9 +695,6 @@ return tuntap_is_dco_win(tt) && (status < 0) && (openvpn_errno() == ERROR_NETNAME_DELETED); } -const char * -print_tun_backend_driver(enum tun_driver_type driver); - #else /* ifdef _WIN32 */ static inline bool -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/749?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ib8f12516dbe294e21d3fed77478fb7660d4600c1 Gerrit-Change-Number: 749 Gerrit-PatchSet: 11 Gerrit-Owner: plaisthos Gerrit-Reviewer: cron2 Gerrit-Reviewer: flichtenheld Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: flichtenheld Gerrit-MessageType: newpatchset ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
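Review bot: in the @@ -2056 hunk of src/openvpn/init.c the new `msg()` argument dereferences `c->c1.tuntap->backend_driver` one line before the existing `if (c->c1.tuntap)` check, so `do_close_tun_simple()` now reads through a pointer it still treats as possibly NULL. Move the message inside the `if` block, or select the driver name only when `c->c1.tuntap` is set.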
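Review bot: the doc comment added for `print_tun_backend_driver()` in the @@ -361 hunk of src/openvpn/tun.h reads "tun backed driver type"; that should be "backend". Since the declaration now sits outside the `_WIN32` block, the comment could also state that the returned string is static and must not be freed, if that is the case.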
[Openvpn-devel] [L] Change in openvpn[master]: Introduce DRIVER_AFUNIX backend for use with lwipovpn
Attention is currently required from: flichtenheld, plaisthos. cron2 has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/747?usp=email ) Change subject: Introduce DRIVER_AFUNIX backend for use with lwipovpn .. Patch Set 11: Code-Review+2 (1 comment) Patchset: PS11: the build fails were unrelated (stuck openvpn process from a previous t_server_null run, breaking all future runs). Agreed to handle the wrapped word on-the-fly. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/747?usp=email Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I65099ef00822d08fd3f5480c80892f3bf86c56e7 Gerrit-Change-Number: 747 Gerrit-PatchSet: 11 Gerrit-Owner: plaisthos Gerrit-Reviewer: cron2 Gerrit-Reviewer: flichtenheld Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: flichtenheld Gerrit-Comment-Date: Tue, 24 Sep 2024 11:00:43 + Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Gerrit-MessageType: comment
[Openvpn-devel] [PATCH v11] Introduce DRIVER_AFUNIX backend for use with lwipovpn
From: Arne Schwabe lwipovpn is a using lwip TCP/IP implementation with an AF_UNIX implementation to emulate a tun/tap device without messing with the TCP/IP stack of the host. For more information about lwipovpn see https://github.com/OpenVPN/lwipovpn Change-Id: I65099ef00822d08fd3f5480c80892f3bf86c56e7 Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/747 This mail reflects revision 11 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering diff --git a/CMakeLists.txt b/CMakeLists.txt index ad620fa..6271574 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -536,6 +536,8 @@ src/openvpn/tls_crypt.c src/openvpn/tun.c src/openvpn/tun.h +src/openvpn/tun_afunix.c +src/openvpn/tun_afunix.h src/openvpn/networking_sitnl.c src/openvpn/networking_freebsd.c src/openvpn/auth_token.c diff --git a/Changes.rst b/Changes.rst index 439352a..7d19577 100644 --- a/Changes.rst +++ b/Changes.rst @@ -9,6 +9,19 @@ the user experience as the client shows an error instead of running into a timeout when the server just stops responding completely. +Support for tun/tap via unix domain socket and lwipovpn support +To allow better testing and emulating a full client with a full +network stack OpenVPN now allows a program executed to provide +a tun/tap device instead of opening a device. + +The co-developed lwipovpn program based on lwIP stack allows to +simulate full IP stack and an OpenVPN client using +``--dev-node unix:/path/to/lwipovpn`` can emulate a full client that +can be pinged, can serve a website and more without requiring any +elevated permission. This can make testing OpenVPN much easier. + +For more details see [lwipovpn on Gihtub](https://github.com/OpenVPN/lwipovpn). + Deprecated features --- ``secret`` support has been removed by default. 
diff --git a/doc/man-sections/vpn-network-options.rst b/doc/man-sections/vpn-network-options.rst index 84d4273..fc76939 100644 --- a/doc/man-sections/vpn-network-options.rst +++ b/doc/man-sections/vpn-network-options.rst @@ -117,6 +117,16 @@ figure out whether ``node`` is a TUN or TAP device based on the name, you should also specify ``--dev-type tun`` or ``--dev-type tap``. + If ``node`` starts with the string ``unix:`` openvpn will treat the rest + of the argument as a program. + OpenVPN will start the program and create a temporary unix domain socket that + will be passed to the program together with the tun configuration as + environment variables. The temporary unix domain socket will be be passed + in the environment variable :code:`TUNTAP_SOCKET_FD`. + + This ``unix:`` mode is designed mainly to use with the lwipovpn network + emulator (https://github.com/OpenVPN/lwipovpn). + --dev-type device-type Which device type are we using? ``device-type`` should be :code:`tun` (OSI Layer 3) or :code:`tap` (OSI Layer 2). Use this option only if diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am index 3784a98..ecb2bcf 100644 --- a/src/openvpn/Makefile.am +++ b/src/openvpn/Makefile.am @@ -140,6 +140,7 @@ syshead.h \ tls_crypt.c tls_crypt.h \ tun.c tun.h \ + tun_afunix.c tun_afunix.h \ vlan.c vlan.h \ xkey_provider.c xkey_common.h \ xkey_helper.c \ diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c index 0df185e..ecef455 100644 --- a/src/openvpn/dco.c +++ b/src/openvpn/dco.c @@ -41,6 +41,7 @@ #include "ssl_common.h" #include "ssl_ncp.h" #include "tun.h" +#include "tun_afunix.h" #ifdef HAVE_LIBCAPNG #include @@ -298,6 +299,13 @@ return false; } +if (is_tun_afunix(o->dev_node)) +{ +msg(msglevel, "Note: afunix tun type selected, disabling data channel" +"offload"); +return false; +} + if (o->connection_list) { const struct connection_list *l = o->connection_list; diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index a88a4bb..6df01d1 100644 
--- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -41,6 +41,7 @@ #include "ssl_verify.h" #include "dco.h" #include "auth_token.h" +#include "tun_afunix.h" #include "memdbg.h" @@ -1319,7 +1320,14 @@ #else /* ifdef _WIN32 */ ASSERT(buf_init(&c->c2.buf, c->c2.frame.buf.headroom)); ASSERT(buf_safe(&c->c2.buf, c->c2.frame.buf.payload_size)); -c->c2.buf.len = read_tun(c->c1.tuntap, BPTR(&c->c2.buf), c->c2.frame.buf.payload_size); +if (c->c1.tuntap->backend_driver == DRIVER_AFUNIX) +{ +c->c2.buf.len = read_tun_afunix(c->c1.tuntap, BPTR(&c->c2.buf), c->c2.frame.buf.payload_size); +} +else +{ +c->c2.buf.len = read_tun(c->c1.tuntap, BPTR(&c->c2.buf), c->c2.frame.buf.payload_size); +} #endif /* ifdef _WIN
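Review bot: the Changes.rst hunk ends with a Markdown-style link, `[lwipovpn on Gihtub](https://github.com/OpenVPN/lwipovpn)`, inside a reStructuredText file, and "Gihtub" is misspelled. Use the RST form, `lwipovpn on GitHub <https://github.com/OpenVPN/lwipovpn>`_, so the link renders. The new heading line "Support for tun/tap via unix domain socket and lwipovpn support" also says "support" twice.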
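Review bot: in the doc/man-sections/vpn-network-options.rst hunk the added paragraph has a doubled word ("will be be passed"), and it names only `TUNTAP_SOCKET_FD` although it says the tun configuration is passed as environment variables too. Listing those variables, or pointing to where they are documented, would let someone write a compatible program from the man page alone. Because this mode makes OpenVPN start whatever program follows `unix:`, the text should also say how that path is interpreted and that the program runs with OpenVPN's own privileges, if that is the case.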
[Openvpn-devel] [L] Change in openvpn[master]: Remove support for compression on send
Attention is currently required from: plaisthos. Hello plaisthos, I'd like you to reexamine a change. Please visit http://gerrit.openvpn.net/c/openvpn/+/755?usp=email to look at the new patch set (#4). Change subject: Remove support for compression on send .. Remove support for compression on send We can't disable compression support on receive because that would break too many configurations out there. But we can remove the support for compressing outgoing traffic, it was disabled by default anyway. Makes --allow-compression yes is an alias for --allow-compression asym and removes all resulting dead code. Change-Id: I402ba016b75cfcfec4fc8b2b01cc4eca7e2bcc60 Signed-off-by: Frank Lichtenheld --- M Changes.rst M doc/man-sections/protocol-options.rst M src/openvpn/comp-lz4.c M src/openvpn/comp.h M src/openvpn/dco.c M src/openvpn/lzo.c M src/openvpn/options.c 7 files changed, 55 insertions(+), 319 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/55/755/4 diff --git a/Changes.rst b/Changes.rst index 439352a..b9287ce 100644 --- a/Changes.rst +++ b/Changes.rst @@ -46,6 +46,12 @@ Support for building with OpenSSL 1.0.2 has been removed. The minimum supported OpenSSL version is now 1.1.0. +Compression on send +OpenVPN 2.7 will never compress data before sending. Decompression of +received data is still supported. +``--allow-compression yes`` is now an alias for +``--allow-compression asym``. + Overview of changes in 2.6 == diff --git a/doc/man-sections/protocol-options.rst b/doc/man-sections/protocol-options.rst index 8b061d2..37e2240 100644 --- a/doc/man-sections/protocol-options.rst +++ b/doc/man-sections/protocol-options.rst 
@@ -30,7 +30,9 @@ framing (stub). :code:`yes` - OpenVPN will send and receive compressed packets. + **DEPRECATED** This option is an alias for :code:`asym`. Previously + it did enable compression for uplink packets, but OpenVPN never + compresses uplink packets now. --auth alg Authenticate data channel packets and (if enabled) ``tls-auth`` control 
@@ -135,48 +137,26 @@ entirely sure that the above does not apply to your traffic, you are advised to *not* enable compression. + For this reason compression support was removed from current versions + of OpenVPN. It will still decompress compressed packets removed via + a VPN connection but it will never compress any outgoing packets. + --comp-lzo mode **DEPRECATED** Enable LZO compression algorithm. Compression is generally not recommended. VPN tunnels which uses compression are suspectible to the VORALCE attack vector. - Use LZO compression -- may add up to 1 byte per packet for incompressible - data. ``mode`` may be :code:`yes`, :code:`no`, or :code:`adaptive` - (default). + Allows the other side of the connection to use LZO compression. Due + to difference in packet format this may adds 1 additional byte per packet. + With current versions of OpenVPN no actual compression will happen. - In a server mode setup, it is possible to selectively turn compression - on or off for individual clients. + ``mode`` may be :code:`yes`, :code:`no`, or :code:`adaptive` + but there is no actual change in behavior anymore. - First, make sure the client-side config file enables selective - compression by having at least one ``--comp-lzo`` directive, such as - ``--comp-lzo no``. This will turn off compression by default, but allow - a future directive push from the server to dynamically change the - :code:`on`/:code:`off`/:code:`adaptive` setting. - - Next in a ``--client-config-dir`` file, specify the compression setting - for the client, for example: - :: - -comp-lzo yes -push "comp-lzo yes" - - The first line sets the ``comp-lzo`` setting for the server side of the - link, the second sets the client side. --comp-noadapt - **DEPRECATED** When used in conjunction with ``--comp-lzo``, this option - will disable OpenVPN's adaptive compression algorithm. Normally, adaptive - compression is enabled with ``--comp-lzo``. 
- - Adaptive compression tries to optimize the case where you have - compression enabled, but you are sending predominantly incompressible - (or pre-compressed) packets over the tunnel, such as an FTP or rsync - transfer of a large, compressed file. With adaptive compression, OpenVPN - will periodically sample the compression process to measure its - efficiency. If the data being sent over the tunnel is already - compressed, the compression efficiency will be very low, triggering - openvpn to disable compression for a period of time until the next - re-sample test. + **DEPRECATED** This option does not have any effect anymore since current + versions of OpenVPN never compress outgoing packets. --key-direction Alternative way of specifying the optional direction parameter for the
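Review bot: in the @@ -135 hunk of doc/man-sections/protocol-options.rst the added sentence "It will still decompress compressed packets removed via a VPN connection" looks like a typo for "received via", and "compression support was removed" overstates the change given that decompression stays; "support for compressing outgoing packets was removed" would match the Changes.rst entry. In the same hunk "this may adds 1 additional byte" should be "may add", and since the `--comp-lzo` paragraph is being rewritten anyway, the context-line typos "suspectible" and "VORALCE" could be fixed along with it.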
[Openvpn-devel] [PATCH applied] Re: Introduce DRIVER_AFUNIX backend for use with lwipovpn
This patch "in itself" is not that complex, but the implications on testing ("run server and client on the same machine, do a full 'ping' or even 'http' through the tunnel without namespace/VRF/... support") are very nice :-)

Stared-at-code, fed to GHA and local test builds, and ran one of my t_client.rc stanzas with

    ... --dev-node $path/lwipovpn --ifconfig-noexec --route-noexec

and lo and behold :-)

    lwipovpn init complete: type=tun mtu=1500 local_ip=10.194.2.54 netmask=(not set) gw=(not set) local_ipv6=FD00:ABCD:194:2::100C

... ping through the tunnel works.

This patch itself is still rough (needs explicit --ifconfig-noexec, triggers some warnings about "ifconfig_netmask=(not set)", etc.) but that is fixed by the following patches in the series.

As discussed on IRC and noted in Gerrit, I have unwrapped the missing-space-word-wrapped "offload" - our 80 char line length is a somewhat soft limit, in case wrapping gets even more ugly.

Your patch has been applied to the master branch.

commit d0a93625a335fdc42fff808c9e9d2b62b232eef2
Author: Arne Schwabe
Date: Tue Sep 24 13:01:29 2024 +0200

    Introduce DRIVER_AFUNIX backend for use with lwipovpn

    Signed-off-by: Arne Schwabe
    Acked-by: Gert Doering
    Message-Id: <20240924110130.3910-1-g...@greenie.muc.de>
    URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29379.html
    Signed-off-by: Gert Doering

--
kind regards,

Gert Doering
[Openvpn-devel] [L] Change in openvpn[master]: Introduce DRIVER_AFUNIX backend for use with lwipovpn
cron2 has uploaded a new patch set (#12) to the change originally created by plaisthos. ( http://gerrit.openvpn.net/c/openvpn/+/747?usp=email ) The following approvals got outdated and were removed: Code-Review+2 by cron2 Change subject: Introduce DRIVER_AFUNIX backend for use with lwipovpn .. Introduce DRIVER_AFUNIX backend for use with lwipovpn lwipovpn is a using lwip TCP/IP implementation with an AF_UNIX implementation to emulate a tun/tap device without messing with the TCP/IP stack of the host. For more information about lwipovpn see https://github.com/OpenVPN/lwipovpn Change-Id: I65099ef00822d08fd3f5480c80892f3bf86c56e7 Signed-off-by: Arne Schwabe Acked-by: Gert Doering Message-Id: <20240924110130.3910-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29379.html Signed-off-by: Gert Doering --- M CMakeLists.txt M Changes.rst M doc/man-sections/vpn-network-options.rst M src/openvpn/Makefile.am M src/openvpn/dco.c M src/openvpn/forward.c M src/openvpn/init.c M src/openvpn/run_command.c M src/openvpn/run_command.h M src/openvpn/tun.c M src/openvpn/tun.h A src/openvpn/tun_afunix.c A src/openvpn/tun_afunix.h 13 files changed, 393 insertions(+), 16 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/47/747/12 diff --git a/CMakeLists.txt b/CMakeLists.txt index ad620fa..6271574 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -536,6 +536,8 @@ src/openvpn/tls_crypt.c src/openvpn/tun.c src/openvpn/tun.h +src/openvpn/tun_afunix.c +src/openvpn/tun_afunix.h src/openvpn/networking_sitnl.c src/openvpn/networking_freebsd.c src/openvpn/auth_token.c diff --git a/Changes.rst b/Changes.rst index 439352a..7d19577 100644 --- a/Changes.rst +++ b/Changes.rst 
@@ -9,6 +9,19 @@ the user experience as the client shows an error instead of running into a timeout when the server just stops responding completely. +Support for tun/tap via unix domain socket and lwipovpn support +To allow better testing and emulating a full client with a full +network stack OpenVPN now allows a program executed to provide +a tun/tap device instead of opening a device. + +The co-developed lwipovpn program based on lwIP stack allows to +simulate full IP stack and an OpenVPN client using +``--dev-node unix:/path/to/lwipovpn`` can emulate a full client that +can be pinged, can serve a website and more without requiring any +elevated permission. This can make testing OpenVPN much easier. + +For more details see [lwipovpn on Gihtub](https://github.com/OpenVPN/lwipovpn). + Deprecated features --- ``secret`` support has been removed by default. diff --git a/doc/man-sections/vpn-network-options.rst b/doc/man-sections/vpn-network-options.rst index 84d4273..fc76939 100644 --- a/doc/man-sections/vpn-network-options.rst +++ b/doc/man-sections/vpn-network-options.rst @@ -117,6 +117,16 @@ figure out whether ``node`` is a TUN or TAP device based on the name, you should also specify ``--dev-type tun`` or ``--dev-type tap``. + If ``node`` starts with the string ``unix:`` openvpn will treat the rest + of the argument as a program. + OpenVPN will start the program and create a temporary unix domain socket that + will be passed to the program together with the tun configuration as + environment variables. The temporary unix domain socket will be be passed + in the environment variable :code:`TUNTAP_SOCKET_FD`. + + This ``unix:`` mode is designed mainly to use with the lwipovpn network + emulator (https://github.com/OpenVPN/lwipovpn). + --dev-type device-type Which device type are we using? ``device-type`` should be :code:`tun` (OSI Layer 3) or :code:`tap` (OSI Layer 2). Use this option only if 
diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am index 3784a98..ecb2bcf 100644 --- a/src/openvpn/Makefile.am +++ b/src/openvpn/Makefile.am @@ -140,6 +140,7 @@ syshead.h \ tls_crypt.c tls_crypt.h \ tun.c tun.h \ + tun_afunix.c tun_afunix.h \ vlan.c vlan.h \ xkey_provider.c xkey_common.h \ xkey_helper.c \ diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c index 0df185e..161126b 100644 --- a/src/openvpn/dco.c +++ b/src/openvpn/dco.c @@ -41,6 +41,7 @@ #include "ssl_common.h" #include "ssl_ncp.h" #include "tun.h" +#include "tun_afunix.h" #ifdef HAVE_LIBCAPNG #include @@ -298,6 +299,12 @@ return false; } +if (is_tun_afunix(o->dev_node)) +{ +msg(msglevel, "Note: afunix tun type selected, disabling data channel offload"); +return false; +} + if (o->connection_list) { const struct connection_list *l = o->connection_list; diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index a88a4bb..6df01d1 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -41,6 +4
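Review bot: The last added line of the Changes.rst hunk uses Markdown link syntax in a reStructuredText file, "[lwipovpn on Gihtub](https://github.com/OpenVPN/lwipovpn)", so the brackets will show up literally in the rendered text; use the RST form `lwipovpn on GitHub <https://github.com/OpenVPN/lwipovpn>`_ and fix the "Gihtub" spelling. The entry also stresses that this works "without requiring any elevated permission" but never states that "--dev-node unix:" makes OpenVPN execute the named program; one sentence to that effect would help people auditing configs they did not write.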
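Review bot: The new "unix:" paragraph in the vpn-network-options.rst hunk documents that OpenVPN starts the rest of the --dev-node argument as a program, but it does not say how that string is executed (whether it is split into arguments, whether --script-security applies) or which "tun configuration" environment variables the program receives besides TUNTAP_SOCKET_FD. Since this turns a device-name option into a command-execution option, the man page should state those rules explicitly. Also, "will be be passed" has a doubled word.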
[Openvpn-devel] [L] Change in openvpn[master]: Introduce DRIVER_AFUNIX backend for use with lwipovpn
cron2 has submitted this change. ( http://gerrit.openvpn.net/c/openvpn/+/747?usp=email ) Change subject: Introduce DRIVER_AFUNIX backend for use with lwipovpn .. Introduce DRIVER_AFUNIX backend for use with lwipovpn lwipovpn is a using lwip TCP/IP implementation with an AF_UNIX implementation to emulate a tun/tap device without messing with the TCP/IP stack of the host. For more information about lwipovpn see https://github.com/OpenVPN/lwipovpn Change-Id: I65099ef00822d08fd3f5480c80892f3bf86c56e7 Signed-off-by: Arne Schwabe Acked-by: Gert Doering Message-Id: <20240924110130.3910-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29379.html Signed-off-by: Gert Doering --- M CMakeLists.txt M Changes.rst M doc/man-sections/vpn-network-options.rst M src/openvpn/Makefile.am M src/openvpn/dco.c M src/openvpn/forward.c M src/openvpn/init.c M src/openvpn/run_command.c M src/openvpn/run_command.h M src/openvpn/tun.c M src/openvpn/tun.h A src/openvpn/tun_afunix.c A src/openvpn/tun_afunix.h 13 files changed, 393 insertions(+), 16 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index ad620fa..6271574 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -536,6 +536,8 @@ src/openvpn/tls_crypt.c src/openvpn/tun.c src/openvpn/tun.h +src/openvpn/tun_afunix.c +src/openvpn/tun_afunix.h src/openvpn/networking_sitnl.c src/openvpn/networking_freebsd.c src/openvpn/auth_token.c diff --git a/Changes.rst b/Changes.rst index 439352a..7d19577 100644 --- a/Changes.rst +++ b/Changes.rst 
@@ -9,6 +9,19 @@ the user experience as the client shows an error instead of running into a timeout when the server just stops responding completely. +Support for tun/tap via unix domain socket and lwipovpn support +To allow better testing and emulating a full client with a full +network stack OpenVPN now allows a program executed to provide +a tun/tap device instead of opening a device. + +The co-developed lwipovpn program based on lwIP stack allows to +simulate full IP stack and an OpenVPN client using +``--dev-node unix:/path/to/lwipovpn`` can emulate a full client that +can be pinged, can serve a website and more without requiring any +elevated permission. This can make testing OpenVPN much easier. + +For more details see [lwipovpn on Gihtub](https://github.com/OpenVPN/lwipovpn). + Deprecated features --- ``secret`` support has been removed by default. diff --git a/doc/man-sections/vpn-network-options.rst b/doc/man-sections/vpn-network-options.rst index 84d4273..fc76939 100644 --- a/doc/man-sections/vpn-network-options.rst +++ b/doc/man-sections/vpn-network-options.rst @@ -117,6 +117,16 @@ figure out whether ``node`` is a TUN or TAP device based on the name, you should also specify ``--dev-type tun`` or ``--dev-type tap``. + If ``node`` starts with the string ``unix:`` openvpn will treat the rest + of the argument as a program. + OpenVPN will start the program and create a temporary unix domain socket that + will be passed to the program together with the tun configuration as + environment variables. The temporary unix domain socket will be be passed + in the environment variable :code:`TUNTAP_SOCKET_FD`. + + This ``unix:`` mode is designed mainly to use with the lwipovpn network + emulator (https://github.com/OpenVPN/lwipovpn). + --dev-type device-type Which device type are we using? ``device-type`` should be :code:`tun` (OSI Layer 3) or :code:`tap` (OSI Layer 2). Use this option only if 
diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am index 3784a98..ecb2bcf 100644 --- a/src/openvpn/Makefile.am +++ b/src/openvpn/Makefile.am @@ -140,6 +140,7 @@ syshead.h \ tls_crypt.c tls_crypt.h \ tun.c tun.h \ + tun_afunix.c tun_afunix.h \ vlan.c vlan.h \ xkey_provider.c xkey_common.h \ xkey_helper.c \ diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c index 0df185e..161126b 100644 --- a/src/openvpn/dco.c +++ b/src/openvpn/dco.c @@ -41,6 +41,7 @@ #include "ssl_common.h" #include "ssl_ncp.h" #include "tun.h" +#include "tun_afunix.h" #ifdef HAVE_LIBCAPNG #include @@ -298,6 +299,12 @@ return false; } +if (is_tun_afunix(o->dev_node)) +{ +msg(msglevel, "Note: afunix tun type selected, disabling data channel offload"); +return false; +} + if (o->connection_list) { const struct connection_list *l = o->connection_list; diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index a88a4bb..6df01d1 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -41,6 +41,7 @@ #include "ssl_verify.h" #include "dco.h" #include "auth_token.h" +#include "tun_afunix.h" #include "memdbg.h" @@ -1319,7 +1320,14 @@ #else /* ifdef _WIN32 */ ASSERT(buf_init(&c->c2.buf, c
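Review bot: In the dco.c hunk at @@ -298,6 +299,12 @@, the new check calls is_tun_afunix(o->dev_node) unconditionally, and dev_node can be NULL when --dev-node is not given; the helper lives in tun_afunix.c, which is not shown here, so please confirm it tolerates NULL or guard the call with o->dev_node. The log text "afunix tun type selected" also uses a name the user never typed; mentioning the "--dev-node unix:" prefix that the man page documents would make the message easier to act on.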
[Openvpn-devel] [PATCH v11] Change dev null to be a driver type instead of a special mode of tun/tap
From: Arne Schwabe Change-Id: I5987ebb7c38ab176eed7efc004ea54f606a77a12 Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/748 This mail reflects revision 11 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c index ecef455..7864db3 100644 --- a/src/openvpn/dco.c +++ b/src/openvpn/dco.c @@ -306,6 +306,13 @@ return false; } +if (is_dev_type(o->dev, o->dev_type, "null")) +{ +msg(msglevel, "Note: null tun type selected, disabling data channel " +"offload"); +return false; +} + if (o->connection_list) { const struct connection_list *l = o->connection_list; diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 1a14e19..fbf2c5b 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -1764,6 +1764,10 @@ /* Using AF_UNIX trumps using DCO */ c->c1.tuntap->backend_driver = DRIVER_AFUNIX; } +else if (is_dev_type(c->options.dev, c->options.dev_type, "null")) +{ +c->c1.tuntap->backend_driver = DRIVER_NULL; +} #ifdef _WIN32 else { @@ -1858,7 +1862,12 @@ open_tun_backend(struct context *c) { struct tuntap *tt = c->c1.tuntap; -if (tt->backend_driver == DRIVER_AFUNIX) + +if (tt->backend_driver == DRIVER_NULL) +{ +open_tun_null(c->c1.tuntap); +} +else if (tt->backend_driver == DRIVER_AFUNIX) { open_tun_afunix(&c->options, c->c2.frame.tun_mtu, tt, c->c2.es); } @@ -2059,6 +2068,11 @@ { close_tun_afunix(c->c1.tuntap); } +else if (c->c1.tuntap->backend_driver == DRIVER_NULL) +{ +free(c->c1.tuntap->actual_name); +free(c->c1.tuntap); +} else { close_tun(c->c1.tuntap, &c->net_ctx); diff --git a/src/openvpn/proto.h b/src/openvpn/proto.h index 4b6d6d6..a160fb6 100644 --- a/src/openvpn/proto.h +++ b/src/openvpn/proto.h 
@@ -33,7 +33,6 @@ * Tunnel types */ #define DEV_TYPE_UNDEF 0 -#define DEV_TYPE_NULL 1 #define DEV_TYPE_TUN 2/* point-to-point IP tunnel */ #define DEV_TYPE_TAP 3/* ethernet (802.3) tunnel */ diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index b305b64..770e806 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -75,6 +75,9 @@ case DRIVER_AFUNIX: return "unix"; +case DRIVER_NULL: +return "null"; + case DRIVER_UTUN: return "utun"; @@ -463,7 +466,9 @@ int dev_type_enum(const char *dev, const char *dev_type) { -if (is_dev_type(dev, dev_type, "tun")) +/* We pretend that the null device is also a tun device but it does not + * really matter as it will discard everything anyway */ +if (is_dev_type(dev, dev_type, "tun") || is_dev_type(dev, dev_type, "null")) { return DEV_TYPE_TUN; } @@ -471,10 +476,6 @@ { return DEV_TYPE_TAP; } -else if (is_dev_type(dev, dev_type, "null")) -{ -return DEV_TYPE_NULL; -} else { return DEV_TYPE_UNDEF; @@ -492,9 +493,6 @@ case DEV_TYPE_TAP: return "tap"; -case DEV_TYPE_NULL: -return "null"; - default: return "[unknown-dev-type]"; } @@ -768,8 +766,7 @@ bool tun_p2p = false; if (tt->type == DEV_TYPE_TAP -|| (tt->type == DEV_TYPE_TUN && tt->topology == TOP_SUBNET) -|| tt->type == DEV_TYPE_NULL) +|| (tt->type == DEV_TYPE_TUN && tt->topology == TOP_SUBNET)) { tun_p2p = false; } @@ -780,7 +777,6 @@ else { msg(M_FATAL, "Error: problem with tun vs. tap setting"); /* JYFIXME -- needs to be caught earlier, in init_tun? */ - } return tun_p2p; } @@ -1748,7 +1744,7 @@ void undo_ifconfig(struct tuntap *tt, openvpn_net_ctx_t *ctx) { -if (tt->type != DEV_TYPE_NULL) +if (tt->backend_driver != DRIVER_NULL) { if (tt->did_ifconfig_setup) { @@ -1779,13 +1775,6 @@ #endif } -static void -open_null(struct tuntap *tt) -{ -tt->actual_name = string_alloc("null", NULL); -} - - #if defined (TARGET_OPENBSD) || (defined(TARGET_DARWIN) && HAVE_NET_IF_UTUN_H) /* 
@@ -1901,78 +1890,72 @@ char dynamic_name[256]; bool dynamic_opened = false; -if (tt->type == DEV_TYPE_NULL) +/* + * --dev-node specified, so open an explicit device node + */ +if (dev_node) { -open_null(tt); +snprintf(tunname, sizeof(tunname), "%s", dev_node); } else { /* - * --dev-node specified, so open an explicit device node + * dynamic open is indicated by --dev specified without + * explicit unit number. Try opening /dev/[d
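Review bot: In the init.c hunk at @@ -2059,6 +2068,11 @@, the DRIVER_NULL branch open-codes the teardown with "free(c->c1.tuntap->actual_name); free(c->c1.tuntap);", while the open side goes through open_tun_null(). A matching close helper next to open_tun_null() would keep allocation and release together. The lines after the if/else chain are not visible here, so please confirm c->c1.tuntap is reset to NULL afterwards; otherwise later code that tests c->c1.tuntap sees a freed pointer.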
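Review bot: In the tun.c hunk at @@ -768,8 +766,7 @@, dropping "|| tt->type == DEV_TYPE_NULL" changes the result for --dev null: dev_type_enum() now returns DEV_TYPE_TUN for it, so it only takes the "tun_p2p = false" branch when tt->topology == TOP_SUBNET, whereas before it always did. If that is intended because nothing is configured on a null device, say so in the commit message or in the comment added to dev_type_enum(); if not, test tt->backend_driver == DRIVER_NULL here.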
[Openvpn-devel] [M] Change in openvpn[master]: Change dev null to be a driver type instead of a special mode of tun/tap
Attention is currently required from: flichtenheld, plaisthos.

cron2 has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/748?usp=email )

Change subject: Change dev null to be a driver type instead of a special mode of tun/tap

Patch Set 11: Code-Review+2

--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/748?usp=email
To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I5987ebb7c38ab176eed7efc004ea54f606a77a12
Gerrit-Change-Number: 748
Gerrit-PatchSet: 11
Gerrit-Owner: plaisthos
Gerrit-Reviewer: cron2
Gerrit-Reviewer: flichtenheld
Gerrit-CC: openvpn-devel
Gerrit-Attention: plaisthos
Gerrit-Attention: flichtenheld
Gerrit-Comment-Date: Tue, 24 Sep 2024 12:43:04 +
Gerrit-HasComments: No
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment
[Openvpn-devel] [PATCH v11] Use print_tun_backend_driver instead of custom code to print type
From: Arne Schwabe Also show the device type that we opened always instead of certain conditions only. Change-Id: Ib8f12516dbe294e21d3fed77478fb7660d4600c1 Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/749 This mail reflects revision 11 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering diff --git a/src/openvpn/init.c b/src/openvpn/init.c index fbf2c5b..cd9203a 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -1876,6 +1876,7 @@ open_tun(c->options.dev, c->options.dev_type, c->options.dev_node, tt, &c->net_ctx); } +msg(M_INFO, "%s device [%s] opened", print_tun_backend_driver(tt->backend_driver), tt->actual_name); } @@ -2056,7 +2057,7 @@ do_close_tun_simple(struct context *c) { msg(D_CLOSE, "Closing %s interface", -dco_enabled(&c->options) ? "DCO" : "TUN/TAP"); +print_tun_backend_driver(c->c1.tuntap->backend_driver)); if (c->c1.tuntap) { diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index 770e806..206ddc0 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -6678,7 +6678,6 @@ * GUID using the registry */ tt->actual_name = string_alloc((const char *)actual_buffer, NULL); -msg(M_INFO, "%s device [%s] opened", print_tun_backend_driver(tt->backend_driver), tt->actual_name); tt->adapter_index = get_adapter_index(*device_guid); } diff --git a/src/openvpn/tun.h b/src/openvpn/tun.h index b2c1b01..329cd10 100644 --- a/src/openvpn/tun.h +++ b/src/openvpn/tun.h @@ -361,6 +361,12 @@ void warn_on_use_of_common_subnets(openvpn_net_ctx_t *ctx); +/** + * Return a string representation of the tun backed driver type + */ +const char * +print_tun_backend_driver(enum tun_driver_type driver); + /* * Should ifconfig be called before or after * tun dev open? 
@@ -689,9 +695,6 @@ return tuntap_is_dco_win(tt) && (status < 0) && (openvpn_errno() == ERROR_NETNAME_DELETED); } -const char * -print_tun_backend_driver(enum tun_driver_type driver); - #else /* ifdef _WIN32 */ static inline bool ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
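Review bot: In the init.c hunk at @@ -2056,7 +2057,7 @@, the new msg() argument print_tun_backend_driver(c->c1.tuntap->backend_driver) dereferences c->c1.tuntap one line before the existing "if (c->c1.tuntap)" NULL check. The old expression dco_enabled(&c->options) did not touch tuntap, so this adds a NULL dereference on any path that reaches do_close_tun_simple() without an open device. Move the msg() inside the if block, or print a fixed string when tuntap is NULL.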
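Review bot: In the tun.h hunk at @@ -361,6 +361,12 @@, the new doc comment reads "tun backed driver type", which should be "backend". Now that the declaration is visible on all platforms, the comment could also carry @param and @return lines, in the Doxygen style the rest of this series uses for new helpers.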
[Openvpn-devel] [S] Change in openvpn[master]: Automatically enable ifconfig-exec/route-exec behaviour for afunix tu...
Attention is currently required from: flichtenheld, plaisthos.

cron2 has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/750?usp=email )

Change subject: Automatically enable ifconfig-exec/route-exec behaviour for afunix tun/tap

Patch Set 11: Code-Review+2

(1 comment)

File src/openvpn/tun.c:

http://gerrit.openvpn.net/c/openvpn/+/750/comment/0b10a0ed_debf7137 :
PS10, Line 1747: if (tt->backend_driver != DRIVER_AFUNIX && tt->backend_driver != DRIVER_NULL)
> I think there is rebase corruption here - this should go into the
> "DRIVER_NULL" patch

confusion on my part, sorry

--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/750?usp=email
To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I0a2957699757665d70514ba7cafe833443018ad6
Gerrit-Change-Number: 750
Gerrit-PatchSet: 11
Gerrit-Owner: plaisthos
Gerrit-Reviewer: cron2
Gerrit-Reviewer: flichtenheld
Gerrit-CC: openvpn-devel
Gerrit-Attention: plaisthos
Gerrit-Attention: flichtenheld
Gerrit-Comment-Date: Tue, 24 Sep 2024 10:28:34 +
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes
Comment-In-Reply-To: cron2
Gerrit-MessageType: comment
[Openvpn-devel] [L] Change in openvpn[master]: Introduce DRIVER_AFUNIX backend for use with lwipovpn
Attention is currently required from: flichtenheld, plaisthos.

cron2 has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/747?usp=email )

Change subject: Introduce DRIVER_AFUNIX backend for use with lwipovpn

Patch Set 11: Code-Review-1

(3 comments)

Patchset:

PS11:
the dco.c string fix was overlooked, the rest is ready to be merged now (not sure why the builds fail in t_server_null)

File src/openvpn/dco.c:

http://gerrit.openvpn.net/c/openvpn/+/747/comment/9fcc0c82_242360d5 :
PS10, Line 306: return false;
> Done

Umm. This does not look changed between 10 and 11? I saw a similar code fragment changed in a different patch, but not here...

File src/openvpn/tun_afunix.c:

http://gerrit.openvpn.net/c/openvpn/+/747/comment/42b0e935_ab5748b8 :
PS10, Line 125:
> I am not sure that waiting is really needed. We could wait to ensure that the
> child really exits. […]

ignoring SIGCHLD is good enough

--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/747?usp=email
To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I65099ef00822d08fd3f5480c80892f3bf86c56e7
Gerrit-Change-Number: 747
Gerrit-PatchSet: 11
Gerrit-Owner: plaisthos
Gerrit-Reviewer: cron2
Gerrit-Reviewer: flichtenheld
Gerrit-CC: openvpn-devel
Gerrit-Attention: plaisthos
Gerrit-Attention: flichtenheld
Gerrit-Comment-Date: Tue, 24 Sep 2024 10:42:26 +
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes
Comment-In-Reply-To: plaisthos
Comment-In-Reply-To: cron2
Gerrit-MessageType: comment
[Openvpn-devel] [PATCH] Configurable installation directories
Hi there! Continuing the packaging of the latest OpenVPN-linux for NixOS, I would like to propose the following addition to the build system. What it does is it allows you to customize the installation paths for DBus and systemd services and adds the option to disable the generation of `openvpn3_statedir / 'configs'` directory (which is not always desired, e.g. when the OS takes this responsibility). ~ Petr Portnov From 848cc46d05c203de393d75434a3f571d78687f50 Mon Sep 17 00:00:00 2001 From: Petr Portnov Date: Sun, 22 Sep 2024 13:16:02 +0300 Subject: [PATCH] build: allow installation directories' customization This allows to configure the installation directories for systemd and D-Bus files. Signed-off-by: Petr Portnov --- distro/systemd/meson.build | 9 +++-- meson.build| 12 ++-- meson_options.txt | 12 src/configmgr/meson.build | 10 ++ 4 files changed, 35 insertions(+), 8 deletions(-) diff --git a/distro/systemd/meson.build b/distro/systemd/meson.build index 36d556c..9c636b6 100644 --- a/distro/systemd/meson.build +++ b/distro/systemd/meson.build @@ -15,12 +15,17 @@ systemd_cfg = configuration_data({ systemd_service_cfg = dependency('systemd') +systemd_system_unit_dir = get_option('systemd_system_unit_dir') +if systemd_system_unit_dir == '' + systemd_system_unit_dir = systemd_service_cfg.get_variable('systemdsystemunitdir') +endif + configure_file( input: 'openvpn3-autoload.service.in', output: 'openvpn3-autoload.service', configuration: systemd_cfg, install: true, -install_dir: systemd_service_cfg.get_variable('systemdsystemunitdir'), +install_dir: systemd_system_unit_dir, ) configure_file( @@ -28,7 +33,7 @@ configure_file( output: 'openvpn3-session@.service', configuration: systemd_cfg, install: true, -install_dir: systemd_service_cfg.get_variable('systemdsystemunitdir'), +install_dir: systemd_system_unit_dir, ) custom_target('openvpn3-systemd', diff --git a/meson.build b/meson.build index 586c72a..ba41440 100644 --- a/meson.build +++ b/meson.build 
@@ -203,8 +203,16 @@ message('OpenVPN 3 Linux service binary directory: ' + get_option('prefix') / li # # D-Bus configuration -dbus_policy_dir = dep_dbus.get_variable('datadir') / 'dbus-1' / 'system.d' -dbus_service_dir = dep_dbus.get_variable('system_bus_services_dir') +dbus_policy_dir = get_option('dbus_policy_dir') +if dbus_policy_dir == '' +dbus_policy_dir = dep_dbus.get_variable('datadir') / 'dbus-1' / 'system.d' +endif + +dbus_service_dir = get_option('dbus_system_service_dir') +if dbus_service_dir == '' +dbus_service_dir = dep_dbus.get_variable('system_bus_services_dir') +endif + dbus_config = { 'OPENVPN_USERNAME': get_option('openvpn_username'), 'LIBEXEC_PATH': get_option('prefix') / libexec_dir, diff --git a/meson_options.txt b/meson_options.txt index 43e301e..04809df 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -93,6 +93,18 @@ option('use-legacy-polkit-pkla', type: 'feature', value: 'disabled', option('polkit_pkla_rulesdir', type: 'string', value: '', description: 'Override PolicyKit PKLA rules directory') +# +# Installation +# +option('dbus_policy_dir', type: 'string', + description: 'D-Bus policy directory') +option('dbus_system_service_dir', type: 'string', + description: 'D-Bus system service directory') +option('systemd_system_unit_dir', type: 'string', + description: 'Path to systemd system unit directory') +option('create_statedir', type: 'feature', value: 'enabled', + description: 'Create directory for OpenVPN 3 state during install phase') + # # Testing tools # diff --git a/src/configmgr/meson.build b/src/configmgr/meson.build index 5d0a649..6f788b7 100644 --- a/src/configmgr/meson.build +++ b/src/configmgr/meson.build 
@@ -52,7 +52,9 @@ configure_file( install_dir: dbus_service_dir, ) -# Create the configs directory for persistent configuration profiles -# NOTE: Can be replaced with install_emptydir() when Meson 0.60 or newer -# is available on all supported distros -meson.add_install_script('sh','-c', 'mkdir -p $DESTDIR@0@'.format(openvpn3_statedir / 'configs')) +if get_option('create_statedir').enabled() +# Create the configs directory for persistent configuration profiles +# NOTE: Can be replaced with install_emptydir() when Meson 0.60 or newer +# is available on all supported distros +meson.add_install_script('sh','-c', 'mkdir -p $DESTDIR@0@'.format(openvpn3_statedir / 'configs')) +endif -- 2.45.2 ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
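Review bot: In the meson_options.txt hunk, the three new directory options give no default and no hint of what an unset value means, unlike the neighbouring polkit_pkla_rulesdir, which has value: '' and an "Override ..." description. Add value: '' and word the descriptions as overrides that fall back to the pkg-config variables when empty, matching the "== ''" checks in meson.build and distro/systemd/meson.build. The option name dbus_system_service_dir also differs from the dbus_service_dir variable it feeds; pick one spelling, and mention create_statedir in the commit message, which currently only covers the systemd and D-Bus directories.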
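Review bot: In the src/configmgr/meson.build hunk, get_option('create_statedir').enabled() is false for both 'disabled' and 'auto', so declaring this as a feature option gives it a state that silently skips the directory. This is a plain on/off switch, so either declare it as type: 'boolean', value: true, or test "not get_option('create_statedir').disabled()". When creation is skipped, the option description should also say that the packager must provide openvpn3_statedir / 'configs' with suitable ownership and permissions, since that directory holds the persistent configuration profiles.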
[Openvpn-devel] [S] Change in openvpn[master]: Automatically enable ifconfig-exec/route-exec behaviour for afunix tu...
cron2 has uploaded a new patch set (#12) to the change originally created by plaisthos. ( http://gerrit.openvpn.net/c/openvpn/+/750?usp=email ) The following approvals got outdated and were removed: Code-Review+2 by cron2 Change subject: Automatically enable ifconfig-exec/route-exec behaviour for afunix tun/tap .. Automatically enable ifconfig-exec/route-exec behaviour for afunix tun/tap Change-Id: I0a2957699757665d70514ba7cafe833443018ad6 Signed-off-by: Arne Schwabe Acked-by: Gert Doering Message-Id: <20240924131437.22294-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/search?l=mid&q=20240924131437.22294-1-g...@greenie.muc.de Signed-off-by: Gert Doering --- M src/openvpn/init.c M src/openvpn/tun.c 2 files changed, 30 insertions(+), 5 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/50/750/12 diff --git a/src/openvpn/init.c b/src/openvpn/init.c index cd9203a..876edad 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -1679,6 +1679,18 @@ #endif /* ifdef ENABLE_MANAGEMENT */ } +/** + * Determine if external route commands should be executed based on + * configured options and backend driver + */ +static bool +route_noexec_enabled(const struct options *o, const struct tuntap *tt) +{ +return o->route_noexec + || (tt && tt->backend_driver == DRIVER_AFUNIX) + || (tt && tt->backend_driver == DRIVER_NULL); +} + /* * Possibly add routes and/or call route-up script * based on options. @@ -1693,7 +1705,7 @@ openvpn_net_ctx_t *ctx) { bool ret = true; -if (!options->route_noexec && ( route_list || route_ipv6_list ) ) +if (!route_noexec_enabled(options, tt) && ( route_list || route_ipv6_list ) ) { ret = add_routes(route_list, route_ipv6_list, tt, ROUTE_OPTION_FLAGS(options), es, ctx); 
@@ -1858,6 +1870,19 @@ #endif } +/** + * Determines if ifconfig execution should be disabled because of a + * @param c + * @return + */ +static bool +ifconfig_noexec_enabled(const struct context *c) +{ +return c->options.ifconfig_noexec + || (c->c1.tuntap && c->c1.tuntap->backend_driver == DRIVER_AFUNIX) + || (c->c1.tuntap && c->c1.tuntap->backend_driver == DRIVER_NULL); +} + static void open_tun_backend(struct context *c) { @@ -1937,7 +1962,7 @@ } /* do ifconfig */ -if (!c->options.ifconfig_noexec +if (!ifconfig_noexec_enabled(c) && ifconfig_order(c->c1.tuntap) == IFCONFIG_BEFORE_TUN_OPEN) { /* guess actual tun/tap unit number that will be returned @@ -1978,7 +2003,7 @@ } /* do ifconfig */ -if (!c->options.ifconfig_noexec +if (!ifconfig_noexec_enabled(c) && ifconfig_order(c->c1.tuntap) == IFCONFIG_AFTER_TUN_OPEN) { do_ifconfig(c->c1.tuntap, c->c1.tuntap->actual_name, @@ -2061,7 +2086,7 @@ if (c->c1.tuntap) { -if (!c->options.ifconfig_noexec) +if (!ifconfig_noexec_enabled(c)) { undo_ifconfig(c->c1.tuntap, &c->net_ctx); } diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index 206ddc0..85fe01a 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -1744,7 +1744,7 @@ void undo_ifconfig(struct tuntap *tt, openvpn_net_ctx_t *ctx) { -if (tt->backend_driver != DRIVER_NULL) +if (tt->backend_driver != DRIVER_NULL && tt->backend_driver != DRIVER_AFUNIX) { if (tt->did_ifconfig_setup) { -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/750?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I0a2957699757665d70514ba7cafe833443018ad6 Gerrit-Change-Number: 750 Gerrit-PatchSet: 12 Gerrit-Owner: plaisthos Gerrit-Reviewer: cron2 Gerrit-Reviewer: flichtenheld Gerrit-CC: openvpn-devel Gerrit-MessageType: newpatchset ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
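Review bot: In the init.c hunk at @@ -1679,6 +1679,18 @@, the doc comment says route_noexec_enabled() determines "if external route commands should be executed", but the function returns true when they must not be executed, which is how the caller uses it in "!route_noexec_enabled(options, tt)". Reword the comment to match the return value and document both parameters, including that tt may be NULL, which the "tt &&" guards already allow for.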
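Review bot: In the init.c hunk at @@ -1858,6 +1870,19 @@, the doc comment for ifconfig_noexec_enabled() stops mid-sentence ("should be disabled because of a") and leaves "@param c" and "@return" empty. Finish it, for example: disabled because of --ifconfig-noexec or because the backend driver (DRIVER_AFUNIX, DRIVER_NULL) has no host device to configure, and state what the return value means.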
[Openvpn-devel] [PATCH applied] Re: Automatically enable ifconfig-exec/route-exec behaviour for afunix tun/tap
This is basically just a convenience, to avoid having to explicitly add --ifconfig-noexec --route-noexec to the options whenever using --dev null or --dev-node af_unix: ("because there is no device to be configured"), and as such does not change anything for all other cases.

Your patch has been applied to the master branch.

commit 5c4a0b71abecf1ccfff4c2ddadf0db9818b40f36
Author: Arne Schwabe
Date: Tue Sep 24 15:14:37 2024 +0200

    Automatically enable ifconfig-exec/route-exec behaviour for afunix tun/tap

    Signed-off-by: Arne Schwabe
    Acked-by: Gert Doering
    Message-Id: <20240924131437.22294-1-g...@greenie.muc.de>
    URL: https://www.mail-archive.com/search?l=mid&q=20240924131437.22294-1-g...@greenie.muc.de
    Signed-off-by: Gert Doering

--
kind regards,

Gert Doering
[Openvpn-devel] [S] Change in openvpn[master]: Automatically enable ifconfig-exec/route-exec behaviour for afunix tu...
cron2 has submitted this change. ( http://gerrit.openvpn.net/c/openvpn/+/750?usp=email ) Change subject: Automatically enable ifconfig-exec/route-exec behaviour for afunix tun/tap .. Automatically enable ifconfig-exec/route-exec behaviour for afunix tun/tap Change-Id: I0a2957699757665d70514ba7cafe833443018ad6 Signed-off-by: Arne Schwabe Acked-by: Gert Doering Message-Id: <20240924131437.22294-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/search?l=mid&q=20240924131437.22294-1-g...@greenie.muc.de Signed-off-by: Gert Doering --- M src/openvpn/init.c M src/openvpn/tun.c 2 files changed, 30 insertions(+), 5 deletions(-) diff --git a/src/openvpn/init.c b/src/openvpn/init.c index cd9203a..876edad 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -1679,6 +1679,18 @@ #endif /* ifdef ENABLE_MANAGEMENT */ } +/** + * Determine if external route commands should be executed based on + * configured options and backend driver + */ +static bool +route_noexec_enabled(const struct options *o, const struct tuntap *tt) +{ +return o->route_noexec + || (tt && tt->backend_driver == DRIVER_AFUNIX) + || (tt && tt->backend_driver == DRIVER_NULL); +} + /* * Possibly add routes and/or call route-up script * based on options. @@ -1693,7 +1705,7 @@ openvpn_net_ctx_t *ctx) { bool ret = true; -if (!options->route_noexec && ( route_list || route_ipv6_list ) ) +if (!route_noexec_enabled(options, tt) && ( route_list || route_ipv6_list ) ) { ret = add_routes(route_list, route_ipv6_list, tt, ROUTE_OPTION_FLAGS(options), es, ctx); @@ -1858,6 +1870,19 @@ #endif } +/** + * Determines if ifconfig execution should be disabled because of a + * @param c + * @return + */ +static bool +ifconfig_noexec_enabled(const struct context *c) +{ +return c->options.ifconfig_noexec + || (c->c1.tuntap && c->c1.tuntap->backend_driver == DRIVER_AFUNIX) + || (c->c1.tuntap && c->c1.tuntap->backend_driver == DRIVER_NULL); +} + static void open_tun_backend(struct context *c) { 
@@ -1937,7 +1962,7 @@ } /* do ifconfig */ -if (!c->options.ifconfig_noexec +if (!ifconfig_noexec_enabled(c) && ifconfig_order(c->c1.tuntap) == IFCONFIG_BEFORE_TUN_OPEN) { /* guess actual tun/tap unit number that will be returned @@ -1978,7 +2003,7 @@ } /* do ifconfig */ -if (!c->options.ifconfig_noexec +if (!ifconfig_noexec_enabled(c) && ifconfig_order(c->c1.tuntap) == IFCONFIG_AFTER_TUN_OPEN) { do_ifconfig(c->c1.tuntap, c->c1.tuntap->actual_name, @@ -2061,7 +2086,7 @@ if (c->c1.tuntap) { -if (!c->options.ifconfig_noexec) +if (!ifconfig_noexec_enabled(c)) { undo_ifconfig(c->c1.tuntap, &c->net_ctx); } diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index 206ddc0..85fe01a 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -1744,7 +1744,7 @@ void undo_ifconfig(struct tuntap *tt, openvpn_net_ctx_t *ctx) { -if (tt->backend_driver != DRIVER_NULL) +if (tt->backend_driver != DRIVER_NULL && tt->backend_driver != DRIVER_AFUNIX) { if (tt->did_ifconfig_setup) { -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/750?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I0a2957699757665d70514ba7cafe833443018ad6 Gerrit-Change-Number: 750 Gerrit-PatchSet: 12 Gerrit-Owner: plaisthos Gerrit-Reviewer: cron2 Gerrit-Reviewer: flichtenheld Gerrit-CC: openvpn-devel Gerrit-MessageType: merged ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
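Review bot: the doc comment on ifconfig_noexec_enabled() in init.c is unfinished. Its sentence stops at "because of a", and both "@param c" and "@return" are empty. Please complete it, for example by stating that it returns true when ifconfig_noexec is set or the tun backend is DRIVER_AFUNIX or DRIVER_NULL. The comment on route_noexec_enabled() reads inverted as well: it says the function determines whether external route commands "should be executed", but the function returns true when they are to be skipped. Both helpers repeat the same two backend_driver comparisons, so a small shared predicate on struct tuntap would keep the two lists from drifting apart when another driver is added.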
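Review bot: in the tun.c hunk, undo_ifconfig() now tests for DRIVER_NULL and DRIVER_AFUNIX itself, while the init.c call site shown in this patch is already wrapped in "if (!ifconfig_noexec_enabled(c))", which skips the call for exactly those two drivers. The driver list is therefore encoded in three places (route_noexec_enabled, ifconfig_noexec_enabled, undo_ifconfig). Either keep the check inside undo_ifconfig() as a deliberate safety net for other callers and say so in a comment, or have it use the same predicate as init.c so that a future backend only has to be added once.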
[Openvpn-devel] [S] Change in openvpn[master]: Automatically enable --compress migrate on the server
Attention is currently required from: flichtenheld.
plaisthos has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/756?usp=email )
Change subject: Automatically enable --compress migrate on the server
Patch Set 4: (1 comment)
File src/openvpn/options.c:
http://gerrit.openvpn.net/c/openvpn/+/756/comment/834676ef_0db434b3 :
PS4, Line 3456: if (options->comp.alg == COMP_ALG_LZO || options->comp.alg == COMP_ALG_LZO_NO)
I think you need to check for && !options->comp.flag & COMP_F_SWAP for COMP_ALG_LZO because otherwise we also enable this for compress lzo. Although those configs that have compress lzo will also have pushable ciphers, so I don't think there is a config that will break. But I would say that is the same as compress lz4 enabling compress migrate.
btw. instead of introducing COMP_ALG_LZO_NO here you could test for (options->comp.alg == COMP_ALG_STUB && !options->comp.flag & COMP_F_SWAP)
--
Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I00209b880cfcedd93e28f97fc3941d8b85e095f3 Gerrit-Change-Number: 756 Gerrit-PatchSet: 4 Gerrit-Owner: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-Attention: flichtenheld Gerrit-Comment-Date: Tue, 24 Sep 2024 15:07:23 + Gerrit-HasComments: Yes Gerrit-Has-Labels: No Gerrit-MessageType: comment
[Openvpn-devel] [M] Change in openvpn[master]: mroute: properly print protocol at the end of the string
ordex has abandoned this change. ( http://gerrit.openvpn.net/c/openvpn/+/439?usp=email ) Change subject: mroute: properly print protocol at the end of the string .. Abandoned -- Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I6688362d8461c112bf425ddfe488d511a64cc37e Gerrit-Change-Number: 439 Gerrit-PatchSet: 1 Gerrit-Owner: ordex Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-MessageType: abandon
[Openvpn-devel] [PATCH v2] Ensure that the AF_UNIX socket pair has at least 65k of buffer space
From: Arne Schwabe Without this change, pinging a lwipovpn client with something like a 3000 byte payload on macOS often fails as the default buffer sizes on macOS are 2048 for send and 4096 for receive. Change-Id: Ice015df81543c01094479929f0cb3075ca4f3813 Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/754 This mail reflects revision 2 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index 6c790a0..7b1e603 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -890,20 +890,23 @@ #endif } -static void -socket_set_buffers(socket_descriptor_t fd, const struct socket_buffer_size *sbs) +void +socket_set_buffers(socket_descriptor_t fd, const struct socket_buffer_size *sbs, + bool reduce_size) { if (sbs) { const int sndbuf_old = socket_get_sndbuf(fd); const int rcvbuf_old = socket_get_rcvbuf(fd); -if (sbs->sndbuf) +if (sbs->sndbuf +&& (reduce_size || sndbuf_old < sbs->sndbuf)) { socket_set_sndbuf(fd, sbs->sndbuf); } -if (sbs->rcvbuf) +if (sbs->rcvbuf +&& (reduce_size || rcvbuf_old < sbs->rcvbuf)) { socket_set_rcvbuf(fd, sbs->rcvbuf); } @@ -986,7 +989,7 @@ { ls->socket_buffer_sizes.sndbuf = sndbuf; ls->socket_buffer_sizes.rcvbuf = rcvbuf; -socket_set_buffers(ls->sd, &ls->socket_buffer_sizes); +socket_set_buffers(ls->sd, &ls->socket_buffer_sizes, true); } } @@ -1136,7 +1139,7 @@ sock->info.af = addr->ai_family; /* set socket buffers based on --sndbuf and --rcvbuf options */ -socket_set_buffers(sock->sd, &sock->socket_buffer_sizes); +socket_set_buffers(sock->sd, &sock->socket_buffer_sizes, true); /* set socket to --mark packets with given value */ socket_set_mark(sock->sd, sock->mark); diff --git a/src/openvpn/socket.h b/src/openvpn/socket.h index bbdabfb..2e583af 100644 --- a/src/openvpn/socket.h 
+++ b/src/openvpn/socket.h @@ -157,6 +157,18 @@ int sndbuf; }; +/** + * Sets the receive and send buffer sizes of a socket descriptor. + * + * @param fdThe socket to modify + * @param sbs new sizes. + * @param reduce_size apply the new size even if smaller than current one + */ +void +socket_set_buffers(socket_descriptor_t fd, + const struct socket_buffer_size *sbs, + bool reduce_size); + /* * This is the main socket structure used by OpenVPN. The SOCKET_ * defines try to abstract away our implementation differences between diff --git a/src/openvpn/tun_afunix.c b/src/openvpn/tun_afunix.c index f4ce4b7..6b6c159 100644 --- a/src/openvpn/tun_afunix.c +++ b/src/openvpn/tun_afunix.c @@ -35,6 +35,7 @@ #include "wfp_block.h" #include "argv.h" #include "options.h" +#include "socket.h" #ifndef WIN32 /* Windows does implement some AF_UNIX functionality but key features @@ -80,6 +81,13 @@ return; } + +/* Ensure that the buffer sizes are decently sized. Otherwise macOS will + * just have 2048 */ +struct socket_buffer_size newsizes = {65536, 65536 }; +socket_set_buffers(fds[0], &newsizes, false); +socket_set_buffers(fds[1], &newsizes, false); + /* Use the first file descriptor for our side and avoid passing it * to the child */ tt->fd = fds[1]; ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
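Review bot: the new "bool reduce_size" parameter of socket_set_buffers() leaves every call site reading as a bare true or false (socket.c passes true twice, tun_afunix.c passes false twice), which hides the intent at the caller. Consider a named wrapper for the "only grow" case or a small flags enum. The socket.h doc comment should also state that a zero sndbuf or rcvbuf in sbs leaves that direction untouched, since the "if (sbs->sndbuf && ...)" and "if (sbs->rcvbuf && ...)" tests depend on it. The function also changes from static to external linkage here, which deserves a line in the commit message.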
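Review bot: in the tun_afunix.c hunk, "struct socket_buffer_size newsizes = {65536, 65536 };" is a positional initializer, so it silently depends on the order of rcvbuf and sndbuf in socket.h. Designated initializers (.rcvbuf = 65536, .sndbuf = 65536) would make it robust and drop the stray space before the closing brace. The code comment says macOS "will just have 2048", while the commit message gives 2048 for send and 4096 for receive, so the two should agree. Because socket_set_buffers() returns void, nothing at this call site notices if the requested size is not granted; reading the sizes back and logging them at a debug level would make a recurrence of the large-ping failure easier to diagnose.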
[Openvpn-devel] [S] Change in openvpn[master]: Ensure that the AF_UNIX socket pair has at least 65k of buffer space
Attention is currently required from: flichtenheld, plaisthos. cron2 has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/754?usp=email ) Change subject: Ensure that the AF_UNIX socket pair has at least 65k of buffer space .. Patch Set 2: Code-Review+2 -- Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ice015df81543c01094479929f0cb3075ca4f3813 Gerrit-Change-Number: 754 Gerrit-PatchSet: 2 Gerrit-Owner: plaisthos Gerrit-Reviewer: cron2 Gerrit-Reviewer: flichtenheld Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: flichtenheld Gerrit-Comment-Date: Wed, 25 Sep 2024 06:29:54 + Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment