[Openvpn-devel] [PATCH applied] Re: Improve data channel crypto error messages
Stared a bit at the code, poked MaxF to do a more thorough review (thanks), did a test compile.

Out of curiosity - are you really seeing that many "authentication errors on bad connections"? Aka "shouldn't lower-layer checksums not catch and drop packet corruptions"?

Your patch has been applied to the master branch.

commit bacdbbee7e2c0c1114b9f5e19b124f91680fd937
Author: Steffan Karger
Date: Thu Oct 17 08:49:55 2024 +0200

    Improve data channel crypto error messages

    Signed-off-by: Steffan Karger
    Acked-by: MaxF
    Message-Id: <20241017064955.23959-1-g...@greenie.muc.de>
    URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29569.html
    Signed-off-by: Gert Doering

--
kind regards,

Gert Doering

___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: Improve data channel crypto error messages
cron2 has submitted this change. ( http://gerrit.openvpn.net/c/openvpn/+/774?usp=email ) Change subject: Improve data channel crypto error messages .. Improve data channel crypto error messages * Make decryption error messages better understandable. * Increase verbosity level for authentication errors, because those can be expected on bad connections. Change-Id: I0fd48191babe4fe5c56f10eb3ba88182ffb075d1 Signed-off-by: Steffan Karger Acked-by: MaxF Message-Id: <20241017064955.23959-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29569.html Signed-off-by: Gert Doering --- M src/openvpn/crypto.c M src/openvpn/crypto.h 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index 12ad0b9..064e59e 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -459,14 +459,14 @@ if (!cipher_ctx_update(ctx->cipher, BPTR(&work), &outlen, BPTR(buf), data_len)) { -CRYPT_ERROR("cipher update failed"); +CRYPT_ERROR("packet decryption failed"); } ASSERT(buf_inc_len(&work, outlen)); if (!cipher_ctx_final_check_tag(ctx->cipher, BPTR(&work) + outlen, &outlen, tag_ptr, tag_size)) { -CRYPT_ERROR("cipher final failed"); +CRYPT_DROP("packet tag authentication failed"); } ASSERT(buf_inc_len(&work, outlen)); @@ -538,7 +538,7 @@ /* Compare locally computed HMAC with packet HMAC */ if (memcmp_constant_time(local_hmac, BPTR(buf), hmac_len)) { -CRYPT_ERROR("packet HMAC authentication failed"); +CRYPT_DROP("packet HMAC authentication failed"); } ASSERT(buf_advance(buf, hmac_len)); 
@@ -572,26 +572,26 @@ /* ctx->cipher was already initialized with key & keylen */ if (!cipher_ctx_reset(ctx->cipher, iv_buf)) { -CRYPT_ERROR("cipher init failed"); +CRYPT_ERROR("decrypt initialization failed"); } /* Buffer overflow check (should never happen) */ if (!buf_safe(&work, buf->len + cipher_ctx_block_size(ctx->cipher))) { -CRYPT_ERROR("potential buffer overflow"); +CRYPT_ERROR("packet too big to decrypt"); } /* Decrypt packet ID, payload */ if (!cipher_ctx_update(ctx->cipher, BPTR(&work), &outlen, BPTR(buf), BLEN(buf))) { -CRYPT_ERROR("cipher update failed"); +CRYPT_ERROR("packet decryption failed"); } ASSERT(buf_inc_len(&work, outlen)); /* Flush the decryption buffer */ if (!cipher_ctx_final(ctx->cipher, BPTR(&work) + outlen, &outlen)) { -CRYPT_ERROR("cipher final failed"); +CRYPT_DROP("packet authentication failed, dropping."); } ASSERT(buf_inc_len(&work, outlen)); diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h index 61184bc..d91de74 100644 --- a/src/openvpn/crypto.h +++ b/src/openvpn/crypto.h 
@@ -288,8 +288,11 @@ * security operation functions. */ }; -#define CRYPT_ERROR(format) \ -do { msg(D_CRYPT_ERRORS, "%s: " format, error_prefix); goto error_exit; } while (false) +#define CRYPT_ERROR_EXIT(flags, format) \ +do { msg(flags, "%s: " format, error_prefix); goto error_exit; } while (false) + +#define CRYPT_ERROR(format) CRYPT_ERROR_EXIT(D_CRYPT_ERRORS, format) +#define CRYPT_DROP(format) CRYPT_ERROR_EXIT(D_MULTI_DROPPED, format) /** * Minimal IV length for AEAD mode ciphers (in bytes): -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/774?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I0fd48191babe4fe5c56f10eb3ba88182ffb075d1 Gerrit-Change-Number: 774 Gerrit-PatchSet: 2 Gerrit-Owner: syzzer Gerrit-Reviewer: MaxF Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-MessageType: merged ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
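Review bot: In the @@ -572 hunk of crypto.c, the new text for a failed cipher_ctx_final() ("packet authentication failed, dropping.") is inconsistent with the other two CRYPT_DROP strings, which have no trailing period and no ", dropping" suffix. It also labels a failure of the "Flush the decryption buffer" step as an authentication failure, while the HMAC comparison in the @@ -538 hunk already reports "packet HMAC authentication failed". Suggest wording that names the step that actually failed so the two cases stay distinguishable in logs, and reconsider whether this one should move to D_MULTI_DROPPED or stay a CRYPT_ERROR.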
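Review bot: The new CRYPT_ERROR_EXIT, CRYPT_ERROR and CRYPT_DROP macros in the crypto.h hunk have no comment saying when to use which, and all of them hide a goto error_exit and depend on a local error_prefix being in scope. A short doc comment above them would help: CRYPT_DROP logs at D_MULTI_DROPPED and is for the authentication failures the commit message mentions, CRYPT_ERROR logs at D_CRYPT_ERRORS for the rest, and both leave the function through error_exit. Since authentication failures no longer appear under D_CRYPT_ERRORS, the commit message or documentation should also say which verbosity makes them visible, because anyone watching logs for packet tampering loses these lines at lower levels.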
[Openvpn-devel] [S] Change in openvpn[master]: Improve data channel crypto error messages
cron2 has uploaded a new patch set (#2) to the change originally created by syzzer. ( http://gerrit.openvpn.net/c/openvpn/+/774?usp=email ) The following approvals got outdated and were removed: Code-Review+2 by MaxF Change subject: Improve data channel crypto error messages .. Improve data channel crypto error messages * Make decryption error messages better understandable. * Increase verbosity level for authentication errors, because those can be expected on bad connections. Change-Id: I0fd48191babe4fe5c56f10eb3ba88182ffb075d1 Signed-off-by: Steffan Karger Acked-by: MaxF Message-Id: <20241017064955.23959-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29569.html Signed-off-by: Gert Doering --- M src/openvpn/crypto.c M src/openvpn/crypto.h 2 files changed, 12 insertions(+), 9 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/74/774/2 diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index 12ad0b9..064e59e 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -459,14 +459,14 @@ if (!cipher_ctx_update(ctx->cipher, BPTR(&work), &outlen, BPTR(buf), data_len)) { -CRYPT_ERROR("cipher update failed"); +CRYPT_ERROR("packet decryption failed"); } ASSERT(buf_inc_len(&work, outlen)); if (!cipher_ctx_final_check_tag(ctx->cipher, BPTR(&work) + outlen, &outlen, tag_ptr, tag_size)) { -CRYPT_ERROR("cipher final failed"); +CRYPT_DROP("packet tag authentication failed"); } ASSERT(buf_inc_len(&work, outlen)); @@ -538,7 +538,7 @@ /* Compare locally computed HMAC with packet HMAC */ if (memcmp_constant_time(local_hmac, BPTR(buf), hmac_len)) { -CRYPT_ERROR("packet HMAC authentication failed"); +CRYPT_DROP("packet HMAC authentication failed"); } ASSERT(buf_advance(buf, hmac_len)); 
@@ -572,26 +572,26 @@ /* ctx->cipher was already initialized with key & keylen */ if (!cipher_ctx_reset(ctx->cipher, iv_buf)) { -CRYPT_ERROR("cipher init failed"); +CRYPT_ERROR("decrypt initialization failed"); } /* Buffer overflow check (should never happen) */ if (!buf_safe(&work, buf->len + cipher_ctx_block_size(ctx->cipher))) { -CRYPT_ERROR("potential buffer overflow"); +CRYPT_ERROR("packet too big to decrypt"); } /* Decrypt packet ID, payload */ if (!cipher_ctx_update(ctx->cipher, BPTR(&work), &outlen, BPTR(buf), BLEN(buf))) { -CRYPT_ERROR("cipher update failed"); +CRYPT_ERROR("packet decryption failed"); } ASSERT(buf_inc_len(&work, outlen)); /* Flush the decryption buffer */ if (!cipher_ctx_final(ctx->cipher, BPTR(&work) + outlen, &outlen)) { -CRYPT_ERROR("cipher final failed"); +CRYPT_DROP("packet authentication failed, dropping."); } ASSERT(buf_inc_len(&work, outlen)); diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h index 61184bc..d91de74 100644 --- a/src/openvpn/crypto.h +++ b/src/openvpn/crypto.h 
@@ -288,8 +288,11 @@ * security operation functions. */ }; -#define CRYPT_ERROR(format) \ -do { msg(D_CRYPT_ERRORS, "%s: " format, error_prefix); goto error_exit; } while (false) +#define CRYPT_ERROR_EXIT(flags, format) \ +do { msg(flags, "%s: " format, error_prefix); goto error_exit; } while (false) + +#define CRYPT_ERROR(format) CRYPT_ERROR_EXIT(D_CRYPT_ERRORS, format) +#define CRYPT_DROP(format) CRYPT_ERROR_EXIT(D_MULTI_DROPPED, format) /** * Minimal IV length for AEAD mode ciphers (in bytes): -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/774?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I0fd48191babe4fe5c56f10eb3ba88182ffb075d1 Gerrit-Change-Number: 774 Gerrit-PatchSet: 2 Gerrit-Owner: syzzer Gerrit-Reviewer: MaxF Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-MessageType: newpatchset ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
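Review bot: In the @@ -572 hunk of crypto.c, "packet too big to decrypt" replaces "potential buffer overflow" on a check whose own comment still says "Buffer overflow check (should never happen)". The new wording reads like an ordinary oversized packet, while the comment describes an internal invariant that is not expected to fail. Either keep wording that marks the condition as unexpected or update the comment so that message and comment agree.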
[Openvpn-devel] [L] Change in openvpn[master]: Bind to multiple ipv4/ipv6 addresses
Attention is currently required from: its_Giaan, plaisthos.

flichtenheld has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/764?usp=email )

Change subject: Bind to multiple ipv4/ipv6 addresses

Patch Set 4: -Code-Review

--
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I31bbf87e4e568021445c7512ecefadfd4a69b363
Gerrit-Change-Number: 764
Gerrit-PatchSet: 4
Gerrit-Owner: its_Giaan
Gerrit-Reviewer: flichtenheld
Gerrit-Reviewer: plaisthos
Gerrit-CC: openvpn-devel
Gerrit-Attention: plaisthos
Gerrit-Attention: its_Giaan
Gerrit-Comment-Date: Thu, 17 Oct 2024 10:34:18 +
Gerrit-HasComments: No
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment
Re: [Openvpn-devel] [PATCH applied] Re: Improve data channel crypto error messages
On 17.10.2024 at 09:01, Gert Doering wrote:

> Stared a bit at the code, poked MaxF to do a more thorough review (thanks), did a test compile.
>
> Out of curiosity - are you really seeing that many "authentication errors on bad connections"? Aka "shouldn't lower-layer checksums not catch and drop packet corruptions"?

This is more the question of what happens if someone starts messing with our packets. At that point we should not start spamming the logs without any throttling.

Arne
[Openvpn-devel] [M] Change in openvpn[master]: Remove a large number of unused structs and functions
Attention is currently required from: flichtenheld. Hello flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/783?usp=email to review the following change. Change subject: Remove a large number of unused structs and functions .. Remove a large number of unused structs and functions These have been found by Clion's Inspect Code functionality and have been verified by hand. A few functions like buf_read_u32 have been kept since they still feel being useful while currently not being used. Change-Id: I0d96ee06c355c6a5ce082af23921e329d3efae33 Signed-off-by: Arne Schwabe --- M src/openvpn/buffer.c M src/openvpn/buffer.h M src/openvpn/crypto_mbedtls.h M src/openvpn/crypto_openssl.h M src/openvpn/error.h M src/openvpn/fragment.h M src/openvpn/init.c M src/openvpn/manage.c M src/openvpn/manage.h M src/openvpn/misc.h M src/openvpn/mtcp.c M src/openvpn/mtcp.h M src/openvpn/openvpn.h M src/openvpn/packet_id.h M src/openvpn/platform.c M src/openvpn/platform.h M src/openvpn/proto.h M src/openvpn/proxy.h M src/openvpn/ps.h M src/openvpn/shaper.h M src/openvpn/socket.h M tests/unit_tests/openvpn/test_buffer.c M tests/unit_tests/openvpn/test_pkt.c 23 files changed, 0 insertions(+), 162 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/83/783/1 diff --git a/src/openvpn/buffer.c b/src/openvpn/buffer.c index 9ee76aa..b2a5bf5 100644 --- a/src/openvpn/buffer.c +++ b/src/openvpn/buffer.c @@ -296,24 +296,6 @@ } } -/* - * convert a multi-line output to one line - */ -void -convert_to_one_line(struct buffer *buf) -{ -uint8_t *cp = BPTR(buf); -int len = BLEN(buf); -while (len--) -{ -if (*cp == '\n') -{ -*cp = '|'; -} -++cp; -} -} - bool buffer_write_file(const char *filename, const struct buffer *buf) { diff --git a/src/openvpn/buffer.h b/src/openvpn/buffer.h index 8a40010..2f804fb 100644 --- a/src/openvpn/buffer.h +++ b/src/openvpn/buffer.h 
@@ -487,11 +487,6 @@ void buf_catrunc(struct buffer *buf, const char *str); /* - * convert a multi-line output to one line - */ -void convert_to_one_line(struct buffer *buf); - -/* * Parse a string based on a given delimiter char */ bool buf_parse(struct buffer *buf, const int delim, char *line, const int size); diff --git a/src/openvpn/crypto_mbedtls.h b/src/openvpn/crypto_mbedtls.h index 48d1e20..a966a7a 100644 --- a/src/openvpn/crypto_mbedtls.h +++ b/src/openvpn/crypto_mbedtls.h @@ -75,7 +75,6 @@ #define MD5_DIGEST_LENGTH 16 #define SHA_DIGEST_LENGTH 20 #define SHA256_DIGEST_LENGTH32 -#define DES_KEY_LENGTH 8 /** * Returns a singleton instance of the mbed TLS random number generator. diff --git a/src/openvpn/crypto_openssl.h b/src/openvpn/crypto_openssl.h index 4cd988a..288c2fa 100644 --- a/src/openvpn/crypto_openssl.h +++ b/src/openvpn/crypto_openssl.h @@ -93,7 +93,6 @@ /** Cipher should decrypt */ #define OPENVPN_OP_DECRYPT 0 -#define DES_KEY_LENGTH 8 #define MD4_DIGEST_LENGTH 16 /** diff --git a/src/openvpn/error.h b/src/openvpn/error.h index ab2872a..9a4577b 100644 --- a/src/openvpn/error.h +++ b/src/openvpn/error.h @@ -297,10 +297,6 @@ extern const char *x_msg_prefix; -void msg_thread_init(void); - -void msg_thread_uninit(void); - static inline void msg_set_prefix(const char *prefix) { diff --git a/src/openvpn/fragment.h b/src/openvpn/fragment.h index c3eb2ef..3cd0ee7 100644 --- a/src/openvpn/fragment.h +++ b/src/openvpn/fragment.h @@ -137,8 +137,6 @@ struct event_timeout wakeup; /**< Timeout structure used by the main * event loop to know when to do * fragmentation housekeeping. */ -bool received_os_mtu_hint; /**< Whether the operating system has - * explicitly recommended an MTU value. */ #define N_SEQ_ID256 /**< One more than the maximum fragment * sequence ID, above which the IDs wrap diff --git a/src/openvpn/init.c b/src/openvpn/init.c index ae911a9..9371024 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c 
@@ -816,8 +816,6 @@ bool init_static(void) { -/* configure_path (); */ - #if defined(DMALLOC) crypto_init_dmalloc(); #endif diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c index 05b5a1a..f296788 100644 --- a/src/openvpn/manage.c +++ b/src/openvpn/manage.c @@ -3797,16 +3797,6 @@ } /* - * Return true if (from the management interface's perspective) OpenVPN should - * daemonize. - */ -bool -management_should_daemonize(struct management *man) -{ -return management_would_hold(man) || (man->settings.flags & MF_QUERY_PASSWORDS); -} - -/* * If the hold flag is enabled, hibernate until a management client releases the hold. * Return true if the caller should not sleep for an additional time interval. */ diff --git a/sr
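Review bot: The commit message says a few unused functions "like buf_read_u32" were kept but does not list them, and the file list shows tests/unit_tests/openvpn/test_buffer.c and tests/unit_tests/openvpn/test_pkt.c changed with 0 insertions, so either removed functions were still referenced from the unit tests or the tests carried dead code of their own. Listing the functions deliberately kept, and saying which removals also dropped test code, would make "verified by hand" easier to check against the 162 deleted lines.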
[Openvpn-devel] [M] Change in openvpn[master]: Remove unused methods write_key/read_key
Attention is currently required from: flichtenheld. Hello flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/784?usp=email to review the following change. Change subject: Remove unused methods write_key/read_key .. Remove unused methods write_key/read_key These were used in the key-method 1 that we remove by commit 36bef1b52 in 2020. That commit unfortunately missed that these methods were only used for directly sending/receiving key material over the control channel. Change-Id: Ib480e57b62ea33f2aea52bee895badaf5607b72d Signed-off-by: Arne Schwabe --- M src/openvpn/crypto.c M src/openvpn/crypto.h 2 files changed, 0 insertions(+), 86 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/84/784/1 diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index 064e59e..8f34eaa 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c 
@@ -1540,87 +1540,6 @@ } } -/* given a key and key_type, write key to buffer */ -bool -write_key(const struct key *key, const struct key_type *kt, - struct buffer *buf) -{ -ASSERT(cipher_kt_key_size(kt->cipher) <= MAX_CIPHER_KEY_LENGTH - && md_kt_size(kt->digest) <= MAX_HMAC_KEY_LENGTH); - -const uint8_t cipher_length = (uint8_t)cipher_kt_key_size(kt->cipher); -if (!buf_write(buf, &cipher_length, 1)) -{ -return false; -} - -uint8_t hmac_length = (uint8_t)md_kt_size(kt->digest); - -if (!buf_write(buf, &hmac_length, 1)) -{ -return false; -} -if (!buf_write(buf, key->cipher, cipher_kt_key_size(kt->cipher))) -{ -return false; -} -if (!buf_write(buf, key->hmac, hmac_length)) -{ -return false; -} - -return true; -} - -/* - * Given a key_type and buffer, read key from buffer. - * Return: 1 on success - *-1 read failure - * 0 on key length mismatch - */ -int -read_key(struct key *key, const struct key_type *kt, struct buffer *buf) -{ -uint8_t cipher_length; -uint8_t hmac_length; - -CLEAR(*key); -if (!buf_read(buf, &cipher_length, 1)) -{ -goto read_err; -} -if (!buf_read(buf, &hmac_length, 1)) -{ -goto read_err; -} - -if (cipher_length != cipher_kt_key_size(kt->cipher) || hmac_length != md_kt_size(kt->digest)) -{ -goto key_len_err; -} - -if (!buf_read(buf, key->cipher, cipher_length)) -{ -goto read_err; -} -if (!buf_read(buf, key->hmac, hmac_length)) -{ -goto read_err; -} - -return 1; - -read_err: -msg(D_TLS_ERRORS, "TLS Error: error reading key from remote"); -return -1; - -key_len_err: -msg(D_TLS_ERRORS, -"TLS Error: key length mismatch, local cipher/hmac %d/%d, remote cipher/hmac %d/%d", -cipher_kt_key_size(kt->cipher), md_kt_size(kt->digest), cipher_length, hmac_length); -return 0; -} - void prng_bytes(uint8_t *output, int len) { diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h index d91de74..074dad6 100644 --- a/src/openvpn/crypto.h +++ b/src/openvpn/crypto.h 
@@ -313,11 +313,6 @@ bool check_key(struct key *key, const struct key_type *kt); -bool write_key(const struct key *key, const struct key_type *kt, - struct buffer *buf); - -int read_key(struct key *key, const struct key_type *kt, struct buffer *buf); - /** * Initialize a key_type structure with. * -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/784?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ib480e57b62ea33f2aea52bee895badaf5607b72d Gerrit-Change-Number: 784 Gerrit-PatchSet: 1 Gerrit-Owner: plaisthos Gerrit-Reviewer: flichtenheld Gerrit-CC: openvpn-devel Gerrit-Attention: flichtenheld Gerrit-MessageType: newchange ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
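Review bot: In the crypto.h hunk, check_key() stays declared directly above the removed write_key()/read_key() prototypes. Please confirm it still has callers outside the removed key-method 1 path; if it was only used together with read_key(), it belongs in this removal too. Unrelated to the removal, the context comment "Initialize a key_type structure with." is an incomplete sentence and could be fixed while this header is being touched.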
[Openvpn-devel] [M] Change in openvpn[master]: Remove unused methods write_key/read_key
Attention is currently required from: flichtenheld, plaisthos.

cron2 has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/784?usp=email )

Change subject: Remove unused methods write_key/read_key

Patch Set 1: Code-Review+2

(1 comment)

Patchset:

PS1:
easy enough

--
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: Ib480e57b62ea33f2aea52bee895badaf5607b72d
Gerrit-Change-Number: 784
Gerrit-PatchSet: 1
Gerrit-Owner: plaisthos
Gerrit-Reviewer: cron2
Gerrit-Reviewer: flichtenheld
Gerrit-CC: openvpn-devel
Gerrit-Attention: plaisthos
Gerrit-Attention: flichtenheld
Gerrit-Comment-Date: Fri, 18 Oct 2024 06:31:06 +
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment
[Openvpn-devel] [M] Change in openvpn[master]: Remove a large number of unused structs and functions
Attention is currently required from: flichtenheld, plaisthos.

cron2 has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/783?usp=email )

Change subject: Remove a large number of unused structs and functions

Patch Set 1: Code-Review+2

(1 comment)

Patchset:

PS1:
This is... amazing. Especially finding yet another "struct user_pass" tucked away "somewhere".

Went through it and things look good, plus the buildbots agree.

--
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I0d96ee06c355c6a5ce082af23921e329d3efae33
Gerrit-Change-Number: 783
Gerrit-PatchSet: 1
Gerrit-Owner: plaisthos
Gerrit-Reviewer: cron2
Gerrit-Reviewer: flichtenheld
Gerrit-CC: openvpn-devel
Gerrit-Attention: plaisthos
Gerrit-Attention: flichtenheld
Gerrit-Comment-Date: Fri, 18 Oct 2024 06:34:30 +
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment
[Openvpn-devel] [PATCH v1] Remove a large number of unused structs and functions
From: Arne Schwabe These have been found by Clion's Inspect Code functionality and have been verified by hand. A few functions like buf_read_u32 have been kept since they still feel being useful while currently not being used. Change-Id: I0d96ee06c355c6a5ce082af23921e329d3efae33 Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/783 This mail reflects revision 1 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering diff --git a/src/openvpn/buffer.c b/src/openvpn/buffer.c index 9ee76aa..b2a5bf5 100644 --- a/src/openvpn/buffer.c +++ b/src/openvpn/buffer.c @@ -296,24 +296,6 @@ } } -/* - * convert a multi-line output to one line - */ -void -convert_to_one_line(struct buffer *buf) -{ -uint8_t *cp = BPTR(buf); -int len = BLEN(buf); -while (len--) -{ -if (*cp == '\n') -{ -*cp = '|'; -} -++cp; -} -} - bool buffer_write_file(const char *filename, const struct buffer *buf) { diff --git a/src/openvpn/buffer.h b/src/openvpn/buffer.h index 8a40010..2f804fb 100644 --- a/src/openvpn/buffer.h +++ b/src/openvpn/buffer.h @@ -487,11 +487,6 @@ void buf_catrunc(struct buffer *buf, const char *str); /* - * convert a multi-line output to one line - */ -void convert_to_one_line(struct buffer *buf); - -/* * Parse a string based on a given delimiter char */ bool buf_parse(struct buffer *buf, const int delim, char *line, const int size); diff --git a/src/openvpn/crypto_mbedtls.h b/src/openvpn/crypto_mbedtls.h index 48d1e20..a966a7a 100644 --- a/src/openvpn/crypto_mbedtls.h +++ b/src/openvpn/crypto_mbedtls.h @@ -75,7 +75,6 @@ #define MD5_DIGEST_LENGTH 16 #define SHA_DIGEST_LENGTH 20 #define SHA256_DIGEST_LENGTH32 -#define DES_KEY_LENGTH 8 /** * Returns a singleton instance of the mbed TLS random number generator. 
diff --git a/src/openvpn/crypto_openssl.h b/src/openvpn/crypto_openssl.h index 4cd988a..288c2fa 100644 --- a/src/openvpn/crypto_openssl.h +++ b/src/openvpn/crypto_openssl.h @@ -93,7 +93,6 @@ /** Cipher should decrypt */ #define OPENVPN_OP_DECRYPT 0 -#define DES_KEY_LENGTH 8 #define MD4_DIGEST_LENGTH 16 /** diff --git a/src/openvpn/error.h b/src/openvpn/error.h index ab2872a..9a4577b 100644 --- a/src/openvpn/error.h +++ b/src/openvpn/error.h @@ -297,10 +297,6 @@ extern const char *x_msg_prefix; -void msg_thread_init(void); - -void msg_thread_uninit(void); - static inline void msg_set_prefix(const char *prefix) { diff --git a/src/openvpn/fragment.h b/src/openvpn/fragment.h index c3eb2ef..3cd0ee7 100644 --- a/src/openvpn/fragment.h +++ b/src/openvpn/fragment.h @@ -137,8 +137,6 @@ struct event_timeout wakeup; /**< Timeout structure used by the main * event loop to know when to do * fragmentation housekeeping. */ -bool received_os_mtu_hint; /**< Whether the operating system has - * explicitly recommended an MTU value. */ #define N_SEQ_ID256 /**< One more than the maximum fragment * sequence ID, above which the IDs wrap diff --git a/src/openvpn/init.c b/src/openvpn/init.c index ae911a9..9371024 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -816,8 +816,6 @@ bool init_static(void) { -/* configure_path (); */ - #if defined(DMALLOC) crypto_init_dmalloc(); #endif diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c index 05b5a1a..f296788 100644 --- a/src/openvpn/manage.c +++ b/src/openvpn/manage.c @@ -3797,16 +3797,6 @@ } /* - * Return true if (from the management interface's perspective) OpenVPN should - * daemonize. - */ -bool -management_should_daemonize(struct management *man) -{ -return management_would_hold(man) || (man->settings.flags & MF_QUERY_PASSWORDS); -} - -/* * If the hold flag is enabled, hibernate until a management client releases the hold. * Return true if the caller should not sleep for an additional time interval. */ 
diff --git a/src/openvpn/manage.h b/src/openvpn/manage.h index 1896510..f501543 100644 --- a/src/openvpn/manage.h +++ b/src/openvpn/manage.h @@ -390,8 +390,6 @@ #endif -bool management_should_daemonize(struct management *man); - bool management_would_hold(struct management *man); bool management_hold(struct management *man, int holdtime); diff --git a/src/openvpn/misc.h b/src/openvpn/misc.h index cdfb0de..3c46c02 100644 --- a/src/openvpn/misc.h +++ b/src/openvpn/misc.h @@ -186,9 +186,6 @@ */ const char *safe_print(const char *str, struct gc_arena *gc); - -void configure_path(void); - const char *sanitize_control_message(const char *str, struct gc_arena *gc); /* diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c index 96408d1..3ae8be7 100644 --- a/src/openvpn/m
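Review bot: The error.h and misc.h hunks remove only prototypes (msg_thread_init, msg_thread_uninit, configure_path), and the part of this mail that is visible has no hunk removing matching definitions. If these were declarations with no implementation left, the commit message should say so, since that is a different case from "unused functions". If definitions still exist in a .c file, they should go in the same change so that no unreferenced non-static functions are left behind.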
[Openvpn-devel] [PATCH v1] Remove unused methods write_key/read_key
From: Arne Schwabe These were used in the key-method 1 that we remove by commit 36bef1b52 in 2020. That commit unfortunately missed that these methods were only used for directly sending/receiving key material over the control channel. Change-Id: Ib480e57b62ea33f2aea52bee895badaf5607b72d Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/784 This mail reflects revision 1 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index 064e59e..8f34eaa 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c 
@@ -1540,87 +1540,6 @@ } } -/* given a key and key_type, write key to buffer */ -bool -write_key(const struct key *key, const struct key_type *kt, - struct buffer *buf) -{ -ASSERT(cipher_kt_key_size(kt->cipher) <= MAX_CIPHER_KEY_LENGTH - && md_kt_size(kt->digest) <= MAX_HMAC_KEY_LENGTH); - -const uint8_t cipher_length = (uint8_t)cipher_kt_key_size(kt->cipher); -if (!buf_write(buf, &cipher_length, 1)) -{ -return false; -} - -uint8_t hmac_length = (uint8_t)md_kt_size(kt->digest); - -if (!buf_write(buf, &hmac_length, 1)) -{ -return false; -} -if (!buf_write(buf, key->cipher, cipher_kt_key_size(kt->cipher))) -{ -return false; -} -if (!buf_write(buf, key->hmac, hmac_length)) -{ -return false; -} - -return true; -} - -/* - * Given a key_type and buffer, read key from buffer. - * Return: 1 on success - *-1 read failure - * 0 on key length mismatch - */ -int -read_key(struct key *key, const struct key_type *kt, struct buffer *buf) -{ -uint8_t cipher_length; -uint8_t hmac_length; - -CLEAR(*key); -if (!buf_read(buf, &cipher_length, 1)) -{ -goto read_err; -} -if (!buf_read(buf, &hmac_length, 1)) -{ -goto read_err; -} - -if (cipher_length != cipher_kt_key_size(kt->cipher) || hmac_length != md_kt_size(kt->digest)) -{ -goto key_len_err; -} - -if (!buf_read(buf, key->cipher, cipher_length)) -{ -goto read_err; -} -if (!buf_read(buf, key->hmac, hmac_length)) -{ -goto read_err; -} - -return 1; - -read_err: -msg(D_TLS_ERRORS, "TLS Error: error reading key from remote"); -return -1; - -key_len_err: -msg(D_TLS_ERRORS, -"TLS Error: key length mismatch, local cipher/hmac %d/%d, remote cipher/hmac %d/%d", -cipher_kt_key_size(kt->cipher), md_kt_size(kt->digest), cipher_length, hmac_length); -return 0; -} - void prng_bytes(uint8_t *output, int len) { diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h index d91de74..074dad6 100644 --- a/src/openvpn/crypto.h +++ b/src/openvpn/crypto.h 
@@ -313,11 +313,6 @@ bool check_key(struct key *key, const struct key_type *kt); -bool write_key(const struct key *key, const struct key_type *kt, - struct buffer *buf); - -int read_key(struct key *key, const struct key_type *kt, struct buffer *buf); - /** * Initialize a key_type structure with. * ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
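Review bot: The @@ -1540 hunk in crypto.c deletes the two D_TLS_ERRORS messages emitted by read_key() ("TLS Error: error reading key from remote" and "TLS Error: key length mismatch, ..."). If the man page, troubleshooting documentation or tests mention these strings, they should be dropped in the same change. The commit message explains why the functions became dead but not how the absence of remaining callers was checked; one sentence on that would help, given that these functions serialized raw cipher and HMAC key material.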
[Openvpn-devel] [M] Change in openvpn[master]: pass link_socket object to i/o functions
Attention is currently required from: its_Giaan, ordex, plaisthos.

flichtenheld has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/758?usp=email )

Change subject: pass link_socket object to i/o functions

Patch Set 5: Code-Review+2

--
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I8eae2d3356bbcc5d632eeb4fbe80de8009d9b40d
Gerrit-Change-Number: 758
Gerrit-PatchSet: 5
Gerrit-Owner: its_Giaan
Gerrit-Reviewer: flichtenheld
Gerrit-Reviewer: ordex
Gerrit-Reviewer: plaisthos
Gerrit-CC: openvpn-devel
Gerrit-Attention: plaisthos
Gerrit-Attention: its_Giaan
Gerrit-Attention: ordex
Gerrit-Comment-Date: Thu, 17 Oct 2024 15:37:41 +
Gerrit-HasComments: No
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment
[Openvpn-devel] [M] Change in openvpn[master]: event/multi: add event_arg object to make event handling more generic
Attention is currently required from: its_Giaan, ordex, plaisthos.

flichtenheld has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/757?usp=email )

Change subject: event/multi: add event_arg object to make event handling more generic

Patch Set 5: Code-Review+2

--
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: Icd7f6a2ad350cdc2312b3e80fa0dbdd7e4311d2e
Gerrit-Change-Number: 757
Gerrit-PatchSet: 5
Gerrit-Owner: its_Giaan
Gerrit-Reviewer: flichtenheld
Gerrit-Reviewer: ordex
Gerrit-Reviewer: plaisthos
Gerrit-CC: openvpn-devel
Gerrit-Attention: plaisthos
Gerrit-Attention: its_Giaan
Gerrit-Attention: ordex
Gerrit-Comment-Date: Thu, 17 Oct 2024 15:37:16 +
Gerrit-HasComments: No
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment
[Openvpn-devel] [S] Change in openvpn[master]: io_work: convert shift argument to uintptr_t
Attention is currently required from: its_Giaan, ordex, plaisthos.

flichtenheld has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/759?usp=email )

Change subject: io_work: convert shift argument to uintptr_t

Patch Set 5: Code-Review+2

--
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: Ib583bf17e35b14aed78fd8217b6e71e8c2b78089
Gerrit-Change-Number: 759
Gerrit-PatchSet: 5
Gerrit-Owner: its_Giaan
Gerrit-Reviewer: flichtenheld
Gerrit-Reviewer: ordex
Gerrit-Reviewer: plaisthos
Gerrit-CC: openvpn-devel
Gerrit-Attention: plaisthos
Gerrit-Attention: its_Giaan
Gerrit-Attention: ordex
Gerrit-Comment-Date: Thu, 17 Oct 2024 15:38:09 +
Gerrit-HasComments: No
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment
[Openvpn-devel] [S] Change in openvpn[master]: io_work: pass event_arg object to event handler in case of socket event
Attention is currently required from: its_Giaan, ordex, plaisthos.
flichtenheld has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/760?usp=email )
Change subject: io_work: pass event_arg object to event handler in case of socket event
Patch Set 5: Code-Review+2
Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I7ebf0d4fb2a23278e16003b2e35598178155d658 Gerrit-Change-Number: 760 Gerrit-PatchSet: 5 Gerrit-Owner: its_Giaan Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: ordex Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: its_Giaan Gerrit-Attention: ordex Gerrit-Comment-Date: Thu, 17 Oct 2024 15:38:34 + Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment
[Openvpn-devel] [XL] Change in openvpn[master]: multiproto: move generic event handling code in dedicated files
Attention is currently required from: its_Giaan, plaisthos.
flichtenheld has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/763?usp=email )
Change subject: multiproto: move generic event handling code in dedicated files
Patch Set 5: Code-Review-2

(2 comments)

Patchset:
PS5: build broken

File src/openvpn/multi.c:
http://gerrit.openvpn.net/c/openvpn/+/763/comment/5daac845_5463efa8 :
PS5, Line 777: m forgot to update reference to "ls"

Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I1e5a84969988e4f027a18658d4ab268c13fbf929 Gerrit-Change-Number: 763 Gerrit-PatchSet: 5 Gerrit-Owner: its_Giaan Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: its_Giaan Gerrit-Comment-Date: Thu, 17 Oct 2024 15:41:00 + Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Gerrit-MessageType: comment
[Openvpn-devel] [M] Change in openvpn[master]: pass link_socket object to i/o functions
Attention is currently required from: flichtenheld, ordex, plaisthos.
its_Giaan has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/758?usp=email )
Change subject: pass link_socket object to i/o functions
Patch Set 5:

(1 comment)

Commit Message:
http://gerrit.openvpn.net/c/openvpn/+/758/comment/9ce0d707_3df88a9b :
PS4, Line 17: Signed-off-by: Antonio Quartulli
> This probably should have a Signed-off-by line from Giaan as well, since he
> submitted it. […]
Done

Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I8eae2d3356bbcc5d632eeb4fbe80de8009d9b40d Gerrit-Change-Number: 758 Gerrit-PatchSet: 5 Gerrit-Owner: its_Giaan Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: ordex Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: flichtenheld Gerrit-Attention: ordex Gerrit-Comment-Date: Thu, 17 Oct 2024 14:55:43 + Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: flichtenheld Gerrit-MessageType: comment
[Openvpn-devel] [M] Change in openvpn[master]: pass link_socket object to i/o functions
Attention is currently required from: flichtenheld, its_Giaan, ordex, plaisthos. Hello flichtenheld, ordex, plaisthos, I'd like you to reexamine a change. Please visit http://gerrit.openvpn.net/c/openvpn/+/758?usp=email to look at the new patch set (#5). The following approvals got outdated and were removed: Code-Review+2 by flichtenheld The change is no longer submittable: Code-Review and checks~ChecksSubmitRule are unsatisfied now. Change subject: pass link_socket object to i/o functions .. pass link_socket object to i/o functions In order to prepare the code to work with distinct sockets, it is essential that i/o functions do not operate on any hard-coded socket object (i.e. c->c2.link_socket). This patch changes all the low-level i/o functions to work with a socket specified as argument rather than a fixed one. Change-Id: I8eae2d3356bbcc5d632eeb4fbe80de8009d9b40d Signed-off-by: Antonio Quartulli Signed-off-by: Gianmarco De Gregori --- M src/openvpn/event.h M src/openvpn/forward.c M src/openvpn/forward.h M src/openvpn/mtcp.c M src/openvpn/mudp.c M src/openvpn/multi.h M src/openvpn/openvpn.c M src/openvpn/socket.c M src/openvpn/socket.h 9 files changed, 76 insertions(+), 68 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/58/758/5 diff --git a/src/openvpn/event.h b/src/openvpn/event.h index 844ea7b..b3ba183 100644 --- a/src/openvpn/event.h +++ b/src/openvpn/event.h @@ -137,6 +137,7 @@ event_arg_t type; union { struct multi_instance *mi; /* if type = EVENT_ARG_MULTI_INSTANCE */ +struct link_socket *sock; /* if type = EVENT_ARG_LINK_SOCKET */ } u; }; diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 6df01d1..6f279ec 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c 
@@ -884,9 +884,9 @@ */ static inline void -socks_postprocess_incoming_link(struct context *c) +socks_postprocess_incoming_link(struct context *c, struct link_socket *sock) { -if (c->c2.link_socket->socks_proxy && c->c2.link_socket->info.proto == PROTO_UDP) +if (sock->socks_proxy && sock->info.proto == PROTO_UDP) { socks_process_incoming_udp(&c->c2.buf, &c->c2.from); } @@ -894,13 +894,14 @@ static inline void socks_preprocess_outgoing_link(struct context *c, + struct link_socket *sock, struct link_socket_actual **to_addr, int *size_delta) { -if (c->c2.link_socket->socks_proxy && c->c2.link_socket->info.proto == PROTO_UDP) +if (sock->socks_proxy && sock->info.proto == PROTO_UDP) { *size_delta += socks_process_outgoing_udp(&c->c2.to_link, c->c2.to_link_addr); -*to_addr = &c->c2.link_socket->socks_relay; +*to_addr = &sock->socks_relay; } } @@ -925,7 +926,7 @@ */ void -read_incoming_link(struct context *c) +read_incoming_link(struct context *c, struct link_socket *sock) { /* * Set up for recvfrom call to read datagram @@ -940,17 +941,17 @@ c->c2.buf = c->c2.buffers->read_link_buf; ASSERT(buf_init(&c->c2.buf, c->c2.frame.buf.headroom)); -status = link_socket_read(c->c2.link_socket, +status = link_socket_read(sock, &c->c2.buf, &c->c2.from); -if (socket_connection_reset(c->c2.link_socket, status)) +if (socket_connection_reset(sock, status)) { #if PORT_SHARE -if (port_share && socket_foreign_protocol_detected(c->c2.link_socket)) +if (port_share && socket_foreign_protocol_detected(sock)) { -const struct buffer *fbuf = socket_foreign_protocol_head(c->c2.link_socket); -const int sd = socket_foreign_protocol_sd(c->c2.link_socket); +const struct buffer *fbuf = socket_foreign_protocol_head(sock); +const int sd = socket_foreign_protocol_sd(sock); port_share_redirect(port_share, fbuf, sd); register_signal(c->sig, SIGTERM, "port-share-redirect"); } 
@@ -977,7 +978,7 @@ bool dco_win_timeout = tuntap_is_dco_win_timeout(c->c1.tuntap, status); /* check recvfrom status */ -check_status(status, "read", c->c2.link_socket, NULL); +check_status(status, "read", sock, NULL); if (dco_win_timeout) { @@ -985,7 +986,7 @@ } /* Remove socks header if applicable */ -socks_postprocess_incoming_link(c); +socks_postprocess_incoming_link(c, sock); perf_pop(); } @@ -1222,11 +1223,11 @@ } static void -process_incoming_link(struct context *c) +process_incoming_link(struct context *c, struct link_socket *sock) { perf_push(PERF_PROC_IN_LINK); -struct link_socket_info *lsi = get_link_socket_info(c); +struct link_socket_info *lsi = &sock->info; const uint8_t *orig_buf = c->c2.buf.data; process_incoming_link_part1(c, lsi, false); @@ -1732,7 +
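Review bot: In the forward.c hunk for process_incoming_link(), `struct link_socket_info *lsi = get_link_socket_info(c);` is replaced by `&sock->info`, which bypasses whatever selection the helper performed, and the commit message does not say the two are equivalent. Please state in the commit message that get_link_socket_info(c) can only ever return the info of the socket that is now passed in, or keep the helper and give it the sock argument, so that process_incoming_link_part1() does not end up working on a different link_socket_info than before.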
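Review bot: The new sock parameter of read_incoming_link() is undocumented: in the hunk at @@ -925 only the signature line changes and the doc comment closing just above it is left as it was. Please describe the parameter there, including that sock must be one of the sockets owned by c, since the function still reads into the per-context c->c2.buf and c->c2.from. An ASSERT(sock) at the top would also make the new precondition explicit, as every use (`link_socket_read(sock, ...)`, `socket_connection_reset(sock, status)`) dereferences it.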
[Openvpn-devel] [S] Change in openvpn[master]: io_work: convert shift argument to uintptr_t
Attention is currently required from: flichtenheld, its_Giaan, ordex, plaisthos. Hello flichtenheld, ordex, plaisthos, I'd like you to reexamine a change. Please visit http://gerrit.openvpn.net/c/openvpn/+/759?usp=email to look at the new patch set (#5). The following approvals got outdated and were removed: Code-Review+2 by flichtenheld The change is no longer submittable: Code-Review and checks~ChecksSubmitRule are unsatisfied now. Change subject: io_work: convert shift argument to uintptr_t .. io_work: convert shift argument to uintptr_t Instead of passing the shift argument as pointer, pass directly its integer value. This will allow the code to distinguish a shift value from a real object pointer, like we already do in multi_tcp_process_io(). This change will allow us later to pass an event_arg object as event handler argument instead of a simple integer value. Change-Id: Ib583bf17e35b14aed78fd8217b6e71e8c2b78089 Signed-off-by: Antonio Quartulli Signed-off-by: Gianmarco De Gregori --- M src/openvpn/forward.c 1 file changed, 14 insertions(+), 16 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/59/759/5 diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 6f279ec..66e5be1 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c 
@@ -2065,20 +2065,18 @@ unsigned int tuntap = 0; struct event_set_return esr[4]; -/* These shifts all depend on EVENT_READ (=1) and EVENT_WRITE (=2) - * and are added to the shift. Check openvpn.h for more details. - */ -static int socket_shift = SOCKET_SHIFT; -static int tun_shift = TUN_SHIFT; -static int err_shift = ERR_SHIFT; +/* These shifts all depend on EVENT_READ and EVENT_WRITE */ +static uintptr_t socket_shift = SOCKET_SHIFT; /* depends on SOCKET_READ and SOCKET_WRITE */ +static uintptr_t tun_shift = TUN_SHIFT; /* depends on TUN_READ and TUN_WRITE */ +static uintptr_t err_shift = ERR_SHIFT; /* depends on ES_ERROR */ #ifdef ENABLE_MANAGEMENT -static int management_shift = MANAGEMENT_SHIFT; +static uintptr_t management_shift = MANAGEMENT_SHIFT; /* depends on MANAGEMENT_READ and MANAGEMENT_WRITE */ #endif #ifdef ENABLE_ASYNC_PUSH -static int file_shift = FILE_SHIFT; +static uintptr_t file_shift = FILE_SHIFT; #endif #if defined(TARGET_LINUX) || defined(TARGET_FREEBSD) -static int dco_shift = DCO_SHIFT;/* Event from DCO linux kernel module */ +static uintptr_t dco_shift = DCO_SHIFT;/* Event from DCO linux kernel module */ #endif /* @@ -2092,7 +2090,7 @@ */ if (flags & IOW_WAIT_SIGNAL) { -wait_signal(c->c2.event_set, (void *)&err_shift); +wait_signal(c->c2.event_set, (void *)err_shift); } /* 
@@ -2185,19 +2183,19 @@ /* * Configure event wait based on socket, tuntap flags. */ -socket_set(c->c2.link_socket, c->c2.event_set, socket, (void *)&socket_shift, NULL); -tun_set(c->c1.tuntap, c->c2.event_set, tuntap, (void *)&tun_shift, NULL); +socket_set(c->c2.link_socket, c->c2.event_set, socket, (void *)socket_shift, NULL); +tun_set(c->c1.tuntap, c->c2.event_set, tuntap, (void *)tun_shift, NULL); #if defined(TARGET_LINUX) || defined(TARGET_FREEBSD) if (socket & EVENT_READ && c->c2.did_open_tun) { -dco_event_set(&c->c1.tuntap->dco, c->c2.event_set, (void *)&dco_shift); +dco_event_set(&c->c1.tuntap->dco, c->c2.event_set, (void *)dco_shift); } #endif #ifdef ENABLE_MANAGEMENT if (management) { -management_socket_set(management, c->c2.event_set, (void *)&management_shift, NULL); +management_socket_set(management, c->c2.event_set, (void *)management_shift, NULL); } #endif @@ -2205,7 +2203,7 @@ /* arm inotify watcher */ if (c->options.mode == MODE_SERVER) { -event_ctl(c->c2.event_set, c->c2.inotify_fd, EVENT_READ, (void *)&file_shift); +event_ctl(c->c2.event_set, c->c2.inotify_fd, EVENT_READ, (void *)file_shift); } #endif @@ -2248,7 +2246,7 @@ for (i = 0; i < status; ++i) { const struct event_set_return *e = &esr[i]; -c->c2.event_set_status |= ((e->rwflags & 3) << *((int *)e->arg)); +c->c2.event_set_status |= ((e->rwflags & 3) << (uintptr_t)e->arg); } } else if (status == 0) -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/759?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ib583bf17e35b14aed78fd8217b6e71e8c2b78089 Gerrit-Change-Number: 759 Gerrit-PatchSet: 5 Gerrit-Owner: its_Giaan Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: ordex Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-Attent
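Review bot: In the last hunk of this patch, `(e->rwflags & 3) << (uintptr_t)e->arg` uses the raw event argument as the shift count with no range check, so a handler that registers a real pointer (which the commit message announces as the next step) would produce a shift wider than the operand, which is undefined behaviour in C. Add a bound check before shifting, for example an ASSERT that the value is below the bit width of event_set_status, and keep that check when the event_arg path is added.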
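Review bot: In the first hunk the *_shift variables stay `static uintptr_t` objects although their address is no longer taken anywhere in this patch; every use is now of the form `(void *)socket_shift`. They can be dropped in favour of casting SOCKET_SHIFT, TUN_SHIFT and the others directly, or at least be made const. The rewritten comment also loses the EVENT_READ (=1) and EVENT_WRITE (=2) values and the pointer to openvpn.h, which is what explains the `& 3` mask further down; please keep that information.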
[Openvpn-devel] [S] Change in openvpn[master]: if a local IPv6 address is provided, socket must be v6-only
Attention is currently required from: flichtenheld, ordex, plaisthos. Hello flichtenheld, ordex, plaisthos, I'd like you to reexamine a change. Please visit http://gerrit.openvpn.net/c/openvpn/+/761?usp=email to look at the new patch set (#5). Change subject: if a local IPv6 address is provided, socket must be v6-only .. if a local IPv6 address is provided, socket must be v6-only If we want to use a wildcard IPv6 socket (i.e. ::port), it must be separate from an IPv4 wildcard socket. To do this, we need to set a specific flag when passing '::' to '--local' otherwise the second socket won't be able to bind properly. Change-Id: I705fd9bf9298a54560eca12e3797351f4af321a7 Signed-off-by: Antonio Quartulli Signed-off-by: Gianmarco De Gregori --- M src/openvpn/socket.c 1 file changed, 10 insertions(+), 2 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/61/761/5 diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index b7d80ee..2b55021 100644 --- a/src/openvpn/socket.c 
+++ b/src/openvpn/socket.c @@ -,9 +,17 @@ } else { +bool v6only = sock->info.bind_ipv6_only; + +/* force binding IPv6-only if an address was specified + * and it is a IPv6 */ +if (sock->local_host && ai_family == AF_INET6) +{ +v6only = true; +} + socket_bind(sock->sd, sock->info.lsa->bind_local, -ai_family, -"TCP/UDP", sock->info.bind_ipv6_only); +ai_family, "TCP/UDP", v6only); } } }
Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I705fd9bf9298a54560eca12e3797351f4af321a7 Gerrit-Change-Number: 761 Gerrit-PatchSet: 5 Gerrit-Owner: its_Giaan Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: ordex Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: flichtenheld Gerrit-Attention: ordex Gerrit-MessageType: newpatchset
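Review bot: The new condition `sock->local_host && ai_family == AF_INET6` forces v6only for every explicit IPv6 local value, not only for the '::' wildcard the commit message talks about, and it silently overrides a bind_ipv6_only setting of false. If that is intended, say so in the commit message and in the --local documentation and log the override, because it changes which address families the socket accepts; otherwise narrow the test to the wildcard address. The comment should also read "an IPv6 address" rather than "a IPv6".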
[Openvpn-devel] [S] Change in openvpn[master]: override ai_family if 'local' numeric address was specified
Attention is currently required from: flichtenheld, ordex, plaisthos. Hello flichtenheld, ordex, plaisthos, I'd like you to reexamine a change. Please visit http://gerrit.openvpn.net/c/openvpn/+/762?usp=email to look at the new patch set (#5). Change subject: override ai_family if 'local' numeric address was specified .. override ai_family if 'local' numeric address was specified This change ensures that when a numeric IP address is specified as argument to a 'local' directive, its ai_family overrides the one extracted from the 'proto' config option. Change-Id: Ie2471e6b2d6974e70423b09918ad1c2136253754 Signed-off-by: Antonio Quartulli Signed-off-by: Gianmarco De Gregori --- M src/openvpn/socket.c 1 file changed, 9 insertions(+), 2 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/62/762/5 diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index 67c8f06..06acd5a 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -488,9 +488,8 @@ sig_info = &sigrec; } -/* try numeric ipv6 addr first */ +/* try numeric ip addr first */ CLEAR(hints); -hints.ai_family = ai_family; hints.ai_flags = AI_NUMERICHOST; if (flags & GETADDR_PASSIVE) @@ -518,6 +517,10 @@ const char *fmt; int level = 0; +/* this is not a numeric IP, therefore force resolution using the + * provided ai_family */ +hints.ai_family = ai_family; + if (hostname && (flags & GETADDR_RANDOMIZE)) { hostname = hostname_randomize(hostname, &gc); 
@@ -1716,6 +1719,10 @@ sock->local_host, sock->local_port, gai_strerror(status)); } + +/* the resolved 'local entry' might have a different family than what + * was globally configured */ +sock->info.af = sock->info.lsa->bind_local->ai_family; } gc_free(&gc);
Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ie2471e6b2d6974e70423b09918ad1c2136253754 Gerrit-Change-Number: 762 Gerrit-PatchSet: 5 Gerrit-Owner: its_Giaan Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: ordex Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: flichtenheld Gerrit-Attention: ordex Gerrit-MessageType: newpatchset
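Review bot: In the last hunk, `sock->info.af = sock->info.lsa->bind_local->ai_family;` runs right after the branch that reports the gai_strerror(status) failure, so it dereferences bind_local even when resolution did not succeed. Unless that msg() call is fatal, guard the assignment with a check that status is 0 and bind_local is non-NULL.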
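Review bot: Removing `hints.ai_family = ai_family;` from the AI_NUMERICHOST attempt in the first hunk changes the resolver for all of its callers, not just the 'local' directive named in the commit message: a numeric address is now accepted regardless of the family the caller asked for. Either restrict the relaxation to the passive case (the function already branches on GETADDR_PASSIVE) or document that a numeric literal always wins over the family derived from 'proto', and make sure callers that depend on the requested family check ai_family of the result.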
[Openvpn-devel] [M] Change in openvpn[master]: allow user to specify 'local' multiple times in config files
Attention is currently required from: flichtenheld, its_Giaan, ordex, plaisthos. its_Giaan has uploaded a new patch set (#6) to the change originally created by ordex. ( http://gerrit.openvpn.net/c/openvpn/+/436?usp=email ) The following approvals got outdated and were removed: Code-Review-1 by flichtenheld Change subject: allow user to specify 'local' multiple times in config files .. allow user to specify 'local' multiple times in config files It is now possible to specify 'local' multiple times in a server config to let it listen on multiple sockets (address:port) of the same protocol. Change-Id: I4d1c96662c5a8c750d883e3b20adde09529e2764 Signed-off-by: Antonio Quartulli Signed-off-by: Gianmarco De Gregori --- M doc/man-sections/link-options.rst M src/openvpn/init.c M src/openvpn/options.c M src/openvpn/options.h M src/openvpn/socket.c 5 files changed, 179 insertions(+), 46 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/36/436/6 diff --git a/doc/man-sections/link-options.rst b/doc/man-sections/link-options.rst index ca192c3..d519539 100644 --- a/doc/man-sections/link-options.rst +++ b/doc/man-sections/link-options.rst @@ -106,13 +106,15 @@ is not reliable. It is recommended to set tun-mtu with enough headroom instead. ---local host - Local host name or IP address for bind. If specified, OpenVPN will bind - to this address only. If unspecified, OpenVPN will bind to all - interfaces. +--local host|* [port] + Local host name or IP address and port for bind. If specified, OpenVPN will bind + to this address. If unspecified, OpenVPN will bind to all interfaces. + '*' can be used as hostname and means 'any host' (OpenVPN will listen on what + is returned by the OS). Implies --bind, 0.0.0.0 or :: can be used to specifically + open a socket. --lport port - Set local TCP/UDP port number or name. Cannot be used together with + Set default TCP/UDP port number. Cannot be used together with ``--nobind`` option. --mark value 
diff --git a/src/openvpn/init.c b/src/openvpn/init.c index b246cce..3b9dc35 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -742,7 +742,7 @@ init_connection_list(c); -c->c1.link_sockets_num = 1; +c->c1.link_sockets_num = c->options.ce.local_list->len; do_link_socket_addr_new(c); @@ -4962,6 +4962,7 @@ if (dest->mode == CM_CHILD_UDP) { ASSERT(!dest->c2.link_sockets); +ASSERT(dest->options.ce.local_list); /* inherit buffers */ dest->c2.buffers = src->c2.buffers; diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 61f6285..d8b56ff 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -124,7 +124,13 @@ "--version : Show copyright and version information.\n" "\n" "Tunnel Options:\n" -"--local host: Local host name or ip address. Implies --bind.\n" +"--local host|* [port] : Local host name or ip address and port. '*' can be used\n" +"as hostname and means 'any host' (openvpn will listen on\n" +"what is returned by the OS). Implies --bind.\n" +"0.0.0.0 or :: can be used to specifically open a socket\n" +"listening on any IPv4 or IPv6 address respectively.\n" +"The user can specify multiple --local entries to have\n" +"a server listen on multiple sockets at the same time.\n" "--remote host [port] : Remote host name or ip address.\n" "--remote-random : If multiple --remote options specified, choose one randomly.\n" "--remote-random-hostname : Add a random string to remote DNS name.\n" @@ -988,8 +994,9 @@ const int i) { setenv_str_i(es, "proto", proto2ascii(e->proto, e->af, false), i); -setenv_str_i(es, "local", e->local, i); -setenv_str_i(es, "local_port", e->local_port, i); +/* expected to be for single socket contexts only */ +setenv_str_i(es, "local", e->local_list->array[0]->local, i); +setenv_str_i(es, "local_port", e->local_list->array[0]->port, i); setenv_str_i(es, "remote", e->remote, i); setenv_str_i(es, "remote_port", e->remote_port, i); 
@@ -1713,8 +1720,12 @@ show_connection_entry(const struct connection_entry *o) { msg(D_SHOW_PARMS, " proto = %s", proto2ascii(o->proto, o->af, false)); -SHOW_STR(local); -SHOW_STR(local_port); +msg(D_SHOW_PARMS, " Local Sockets:"); +for (int i = 0; i < o->local_list->len; i++) +{ +msg(D_SHOW_PARMS, "[%s]:%s", o->local_list->array[i]->local, +o->local_list->array[i]->port); +} SHOW_STR(remote); SHOW_STR(remote_port); SHOW_BOOL(remote_float); @@ -2162,6 +2173,37 @@ #endif /* ifdef ENABLE_MANAGEMENT */ +static struct local_list * +alloc_local_list_if_undef(struct connection_en
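Review bot: `e->local_list->array[0]->local` in the setenv hunk, `o->local_list->len` in show_connection_entry() and `c->options.ce.local_list->len` in init.c all dereference local_list unconditionally, while the list looks lazily allocated (alloc_local_list_if_undef) and only the CM_CHILD_UDP path gains an ASSERT. Please make sure a connection entry without any --local has a non-NULL list with at least one element before these run, or check for NULL and len == 0 at each site; with an empty list link_sockets_num would also become 0.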
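Review bot: The new --local text in link-options.rst ends with "Implies --bind, 0.0.0.0 or :: can be used to specifically open a socket.", which runs two statements together and stops short of what the usage string in options.c says ("listening on any IPv4 or IPv6 address respectively"). It also never mentions that --local may be given multiple times, which is the point of the change. Please align the man page with the usage text, and note that the --lport description drops "or name" without the commit message saying that port names are no longer accepted.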
[Openvpn-devel] [S] Change in openvpn[master]: io_work: pass event_arg object to event handler in case of socket event
Attention is currently required from: flichtenheld, its_Giaan, ordex, plaisthos. Hello flichtenheld, ordex, plaisthos, I'd like you to reexamine a change. Please visit http://gerrit.openvpn.net/c/openvpn/+/760?usp=email to look at the new patch set (#5). The following approvals got outdated and were removed: Code-Review+2 by flichtenheld The change is no longer submittable: Code-Review and checks~ChecksSubmitRule are unsatisfied now. Change subject: io_work: pass event_arg object to event handler in case of socket event .. io_work: pass event_arg object to event handler in case of socket event In order to allow the code to work with multiple listening sockets it is essential to allow the generic multi_io event handler to distinguish between the various socket objects. This can be achieved by passing an event_arg object that contains a pointer to the link_socket. This code path is used on clients as well as UDP servers. Change-Id: I7ebf0d4fb2a23278e16003b2e35598178155d658 Signed-off-by: Antonio Quartulli Signed-off-by: Gianmarco De Gregori --- M src/openvpn/event.h M src/openvpn/forward.c M src/openvpn/mtcp.c 3 files changed, 30 insertions(+), 5 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/60/760/5 diff --git a/src/openvpn/event.h b/src/openvpn/event.h index b3ba183..c212e07 100644 --- a/src/openvpn/event.h +++ b/src/openvpn/event.h @@ -82,6 +82,12 @@ #define EVENT_METHOD_US_TIMEOUT (1<<0) #define EVENT_METHOD_FAST (1<<1) +/* + * The following constant is used as boundary between integer value + * and real addresses when passing arguments to event handlers as (void *) + */ +#define MULTI_N ((void *)16) /* upper bound on MTCP_x */ + #ifdef _WIN32 typedef const struct rw_handle *event_t; diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 66e5be1..d50b24c 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c 
@@ -2183,7 +2183,8 @@ /* * Configure event wait based on socket, tuntap flags. */ -socket_set(c->c2.link_socket, c->c2.event_set, socket, (void *)socket_shift, NULL); +socket_set(c->c2.link_socket, c->c2.event_set, socket, + &c->c2.link_socket->ev_arg, NULL); tun_set(c->c1.tuntap, c->c2.event_set, tuntap, (void *)tun_shift, NULL); #if defined(TARGET_LINUX) || defined(TARGET_FREEBSD) if (socket & EVENT_READ && c->c2.did_open_tun) @@ -2246,7 +2247,27 @@ for (i = 0; i < status; ++i) { const struct event_set_return *e = &esr[i]; -c->c2.event_set_status |= ((e->rwflags & 3) << (uintptr_t)e->arg); +uintptr_t shift; + +if (e->arg >= MULTI_N) +{ +struct event_arg *ev_arg = (struct event_arg *)e->arg; +if (ev_arg->type != EVENT_ARG_LINK_SOCKET) +{ +c->c2.event_set_status = ES_ERROR; +msg(D_LINK_ERRORS, +"io_work: non socket event delivered"); +return; +} + +shift = socket_shift; +} +else +{ +shift = (uintptr_t)e->arg; +} + +c->c2.event_set_status |= ((e->rwflags & 3) << shift); } } else if (status == 0) diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c index 1b956f4..e89ddba 100644 --- a/src/openvpn/mtcp.c +++ b/src/openvpn/mtcp.c @@ -60,8 +60,6 @@ #define MTCP_FILE_CLOSE_WRITE ((void *)5) #define MTCP_DCO((void *)6) -#define MTCP_N ((void *)16) /* upper bound on MTCP_x */ - struct ta_iow_flags { unsigned int flags; 
@@ -693,7 +691,7 @@ struct event_set_return *e = &mtcp->esr[i]; /* incoming data for instance or listening socket? */ -if (e->arg >= MTCP_N) +if (e->arg >= MULTI_N) { struct event_arg *ev_arg = (struct event_arg *)e->arg; switch (ev_arg->type)
Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I7ebf0d4fb2a23278e16003b2e35598178155d658 Gerrit-Change-Number: 760 Gerrit-PatchSet: 5 Gerrit-Owner: its_Giaan Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: ordex Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: its_Giaan Gerrit-Attention: flichtenheld Gerrit-Attention: ordex Gerrit-MessageType: newpatchset
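Review bot: `if (e->arg >= MULTI_N)` in the forward.c hunk applies a relational comparison to void pointers that do not point into the same object, which C leaves undefined, and the scheme only works while every shift value passed as `(void *)x_shift` stays below 16. Compare as integers, for example `(uintptr_t)e->arg >= 16` against a named integer constant, and add a static assertion that the largest *_SHIFT constant is below that bound. The comment on MULTI_N still says "upper bound on MTCP_x" and should mention the shift values as well.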
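Review bot: In the error branch for `ev_arg->type != EVENT_ARG_LINK_SOCKET`, `c->c2.event_set_status = ES_ERROR;` followed by `return;` discards the status bits already accumulated from earlier esr[] entries in the same loop, and the log line "io_work: non socket event delivered" does not include the offending type. Please print ev_arg->type in the message and say in a comment why dropping the remaining events is the wanted behaviour, or OR the error into the status and continue.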
[Openvpn-devel] [M] Change in openvpn[master]: event/multi: add event_arg object to make event handling more generic
Attention is currently required from: flichtenheld, its_Giaan, ordex, plaisthos. Hello flichtenheld, ordex, plaisthos, I'd like you to reexamine a change. Please visit http://gerrit.openvpn.net/c/openvpn/+/757?usp=email to look at the new patch set (#5). The following approvals got outdated and were removed: Code-Review+2 by flichtenheld The change is no longer submittable: Code-Review and checks~ChecksSubmitRule are unsatisfied now. Change subject: event/multi: add event_arg object to make event handling more generic .. event/multi: add event_arg object to make event handling more generic In order to prepare the event handling code to deal with multiple listening sockets, we have to make sure that it is possible to distinguish which of these sockets have been poked by an incoming connection request. To achieve that, this patch changes the object being passed as event handler argument, from a "partly integer-evaluated variable" to a full struct with a proper type attribute. This struct will allow the code to carry around the particular listening socket where the connection is being established. This change affects the TCP server code path only as UDP servers use only one socket to handle all clients. Change-Id: Icd7f6a2ad350cdc2312b3e80fa0dbdd7e4311d2e Signed-off-by: Antonio Quartulli Signed-off-by: Gianmarco De Gregori --- M src/openvpn/event.h M src/openvpn/mtcp.c M src/openvpn/multi.c M src/openvpn/multi.h M src/openvpn/socket.c M src/openvpn/socket.h 6 files changed, 68 insertions(+), 28 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/57/757/5 diff --git a/src/openvpn/event.h b/src/openvpn/event.h index 856551a..844ea7b 100644 --- a/src/openvpn/event.h +++ b/src/openvpn/event.h 
@@ -126,6 +126,20 @@ struct event_set_functions func; }; +typedef enum { +EVENT_ARG_MULTI_INSTANCE = 0, +EVENT_ARG_LINK_SOCKET, +} event_arg_t; + +/* generic event argument object to pass to event_ctl() */ +struct event_arg +{ +event_arg_t type; +union { +struct multi_instance *mi; /* if type = EVENT_ARG_MULTI_INSTANCE */ +} u; +}; + /* * maxevents on input: desired max number of event_t descriptors * simultaneously set with event_ctl diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c index 96408d1..c002a38 100644 --- a/src/openvpn/mtcp.c +++ b/src/openvpn/mtcp.c @@ -54,7 +54,6 @@ /* * Special tags passed to event.[ch] functions */ -#define MTCP_SOCKET ((void *)1) #define MTCP_TUN ((void *)2) #define MTCP_SIG ((void *)3) /* Only on Windows */ #define MTCP_MANAGEMENT ((void *)4) @@ -253,7 +252,7 @@ socket_set(mi->context.c2.link_socket, m->mtcp->es, mbuf_defined(mi->tcp_link_out_deferred) ? EVENT_WRITE : EVENT_READ, - mi, + &mi->ev_arg, &mi->tcp_rwflags); } } @@ -263,8 +262,8 @@ struct multi_tcp *mtcp) { int status; -unsigned int *persistent = &mtcp->tun_rwflags; -socket_set_listen_persistent(c->c2.link_socket, mtcp->es, MTCP_SOCKET); +socket_set_listen_persistent(c->c2.link_socket, mtcp->es, + &c->c2.link_socket->ev_arg); #ifdef _WIN32 if (tuntap_is_wintun(c->c1.tuntap)) @@ -280,7 +279,7 @@ persistent = NULL; } #endif -tun_set(c->c1.tuntap, mtcp->es, EVENT_READ, MTCP_TUN, persistent); +tun_set(c->c1.tuntap, mtcp->es, EVENT_READ, MTCP_TUN, &mtcp->tun_rwflags); #if defined(TARGET_LINUX) || defined(TARGET_FREEBSD) dco_event_set(&c->c1.tuntap->dco, mtcp->es, MTCP_DCO); #endif 
@@ -693,20 +692,43 @@ { struct event_set_return *e = &mtcp->esr[i]; -/* incoming data for instance? */ +/* incoming data for instance or listening socket? */ if (e->arg >= MTCP_N) { -struct multi_instance *mi = (struct multi_instance *) e->arg; -if (mi) +struct event_arg *ev_arg = (struct event_arg *)e->arg; +switch (ev_arg->type) { -if (e->rwflags & EVENT_WRITE) -{ -multi_tcp_action(m, mi, TA_SOCKET_WRITE_READY, false); -} -else if (e->rwflags & EVENT_READ) -{ -multi_tcp_action(m, mi, TA_SOCKET_READ, false); -} +struct multi_instance *mi; + +/* react to event on child instance */ +case EVENT_ARG_MULTI_INSTANCE: +if (!ev_arg->u.mi) +{ +msg(D_MULTI_ERRORS, "MULTI: mtcp_proc_io: null minstance"); +break; +} + +mi = ev_arg->u.mi; +if (e->rwflags & EVENT_WRITE) +{ +m
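Review bot: The mtcp.c hunk at @@ -263 removes the declaration `unsigned int *persistent = &mtcp->tun_rwflags;`, but the context of the following hunk still shows `persistent = NULL;` inside the `#ifdef _WIN32` block, so the Windows build no longer compiles, and tun_set() now always receives `&mtcp->tun_rwflags` where the wintun branch previously passed NULL. Either keep the variable and pass it to tun_set(), or remove the _WIN32 block deliberately and explain in the commit message why the persistent flags are safe there.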
[Openvpn-devel] [L] Change in openvpn[master]: Adapt socket handling to support listening on multiple sockets
Attention is currently required from: flichtenheld, ordex, plaisthos.

its_Giaan has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/434?usp=email )

Change subject: Adapt socket handling to support listening on multiple sockets

Patch Set 6:

(18 comments)

Commit Message:

http://gerrit.openvpn.net/c/openvpn/+/434/comment/1d41d2b6_a8f7ac05 :
PS5, Line 7: allow tcp/udp server to listen on multiple ports at the same time
> For a change this fundamental this commit message is not enough. […]
Done

File src/openvpn/forward.h:

http://gerrit.openvpn.net/c/openvpn/+/434/comment/777e4574_22f8383d :
PS5, Line 239: void process_incoming_tun(struct context *c, struct link_socket *out_ls);
> I think we have implicitly agreed to call those out_sock?
Done

http://gerrit.openvpn.net/c/openvpn/+/434/comment/45aee7e6_1b3916da :
PS5, Line 311: struct link_socket *ls);
> let's stick with sock to be consistent?
Done

File src/openvpn/forward.c:

http://gerrit.openvpn.net/c/openvpn/+/434/comment/25eddf8f_88da1d83 :
PS5, Line 67: for (i = 0; i < c->c1.link_sockets_num; i++)
> move declaration here.
Done

http://gerrit.openvpn.net/c/openvpn/+/434/comment/52741d0c_ed1cfbf5 :
PS5, Line 1500: out_ls);
> this looks weird, why the additional line break?
Done

http://gerrit.openvpn.net/c/openvpn/+/434/comment/c9729dd8_c23a63b3 :
PS5, Line 2091: int i;
> no
Done

File src/openvpn/init.c:

http://gerrit.openvpn.net/c/openvpn/+/434/comment/5db88ca1_62001647 :
PS5, Line 2712: int i;
> no
Done

http://gerrit.openvpn.net/c/openvpn/+/434/comment/c4b1d0a7_caefad40 :
PS5, Line 2726: int i;
> no
Done

http://gerrit.openvpn.net/c/openvpn/+/434/comment/d8bf560b_269e4c53 :
PS5, Line 3809: int i;
> no
Done

http://gerrit.openvpn.net/c/openvpn/+/434/comment/3fbce72a_bc8f27b6 :
PS5, Line 3830: int i;
> no
Done

http://gerrit.openvpn.net/c/openvpn/+/434/comment/96692862_fb70f0c5 :
PS5, Line 3898: int i;
> no
Done

http://gerrit.openvpn.net/c/openvpn/+/434/comment/b06654d3_bd9889ea :
PS5, Line 4059: int i;
> no
Done

File src/openvpn/mtcp.c:

http://gerrit.openvpn.net/c/openvpn/+/434/comment/324654a5_bfaf62d1 :
PS5, Line 265: int status, i;
> no
Done

File src/openvpn/mudp.c:

http://gerrit.openvpn.net/c/openvpn/+/434/comment/9eba0158_a12ada55 :
PS5, Line 384: int i;
> no
Done

File src/openvpn/multi.h:

http://gerrit.openvpn.net/c/openvpn/+/434/comment/b0f20aa4_59ddfbd1 :
PS5, Line 133: bool did_open_context;
> This must have been a rebase mistake, because: […]
It was a rebase mistake indeed, so I removed this.

File src/openvpn/socket.h:

http://gerrit.openvpn.net/c/openvpn/+/434/comment/a49234a5_d2525f23 :
PS5, Line 348: link_socket_init_phase1(struct link_socket *sock,
> hmm, no? […]
Done

http://gerrit.openvpn.net/c/openvpn/+/434/comment/4d71982d_76aa122f :
PS5, Line 1288: bool sockets_read_residual(const struct context *c);
> please add minimal documentation
Done

File src/openvpn/socket.c:

http://gerrit.openvpn.net/c/openvpn/+/434/comment/b48f0b7e_bcabdfe7 :
PS5, Line 2239: #if defined (_WIN32)
> ??
Done

--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/434?usp=email
To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: Ia0a889e800f0b36aed770ee36e31afeec5df6084
Gerrit-Change-Number: 434
Gerrit-PatchSet: 6
Gerrit-Owner: ordex
Gerrit-Reviewer: flichtenheld
Gerrit-Reviewer: its_Giaan
Gerrit-Reviewer: plaisthos
Gerrit-CC: openvpn-devel
Gerrit-Attention: plaisthos
Gerrit-Attention: flichtenheld
Gerrit-Attention: ordex
Gerrit-Comment-Date: Thu, 17 Oct 2024 14:49:41 +
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: flichtenheld
Comment-In-Reply-To: ordex
Gerrit-MessageType: comment
[Openvpn-devel] [M] Change in openvpn[master]: allow user to specify 'local' multiple times in config files
Attention is currently required from: flichtenheld, ordex, plaisthos.

its_Giaan has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/436?usp=email )

Change subject: allow user to specify 'local' multiple times in config files

Patch Set 6:

(6 comments)

File doc/man-sections/link-options.rst:

http://gerrit.openvpn.net/c/openvpn/+/436/comment/e41c0651_4dde7880 :
PS5, Line 114: 0.0.0.0 or :: can be used to specifically open a socket.
> Sentence does end in the middle?
Done

http://gerrit.openvpn.net/c/openvpn/+/436/comment/5a0ba867_50a05ad8 :
PS5, Line 117: or name
> Should probably say "default TCP/UDP port number" or something like that and
> mention that this can b […]
Done

File src/openvpn/options.c:

http://gerrit.openvpn.net/c/openvpn/+/436/comment/bea38f19_4d89f447 :
PS5, Line 2400: * Sanity check on daemon mode
> Not sure what daemon is supposed to mean in this context?
Done

http://gerrit.openvpn.net/c/openvpn/+/436/comment/a4fc0da7_d28cb303 :
PS5, Line 3198: if (ce->proto == PROTO_UDP && ce->socks_proxy_server && !ce->local_list && !ce->local_port_defined && !ce->bind_defined)
> Should use need_bind to simplify the condition.
Done

http://gerrit.openvpn.net/c/openvpn/+/436/comment/08d0b545_36ce02f5 :
PS5, Line 3327: options_postprocess_mutate_le(struct options *o, struct local_entry *le)
> should maybe take o->ce as input and not o, just to make clear that it
> doesn't need the rest?
Done

File src/openvpn/socket.c:

http://gerrit.openvpn.net/c/openvpn/+/436/comment/f094b608_24a1894e :
PS5, Line 358: options
> either this should use "l" or the definition of "l" should be removed
> completely.
Done

--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/436?usp=email
To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I4d1c96662c5a8c750d883e3b20adde09529e2764
Gerrit-Change-Number: 436
Gerrit-PatchSet: 6
Gerrit-Owner: ordex
Gerrit-Reviewer: flichtenheld
Gerrit-Reviewer: its_Giaan
Gerrit-Reviewer: plaisthos
Gerrit-CC: openvpn-devel
Gerrit-Attention: plaisthos
Gerrit-Attention: flichtenheld
Gerrit-Attention: ordex
Gerrit-Comment-Date: Thu, 17 Oct 2024 14:50:31 +
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: flichtenheld
Gerrit-MessageType: comment