Re: [Openvpn-devel] 2.3alpha1 fails on OS X when the --up argument contains more than an execution path

2012-03-08 Thread Jonathan K. Bullard
On Wed, Mar 7, 2012 at 9:10 AM, David Sommerseth wrote: [skipped] > > OpenVPN 2.3alpha1 fails when the argument to "--up" contains more > > than an execution path. The problem also occurs for the "--down" > > option and the new "--route-pre-down" option (and presumably any other > > options that t

Re: [Openvpn-devel] [PATCH 33/52] build: properly detect and use socket libs

2012-03-08 Thread Alon Bar-Lev
Although I work with flameeyes closely in some of these issues... I disagree with his opinion here as generic approach. He is right as in most cases people just add libraries as they go in the configure process... So you check for dl, then rt, then resolv, then selinux etc... building your LIBS.

Re: [Openvpn-devel] [PATCH 31/52] build: autoconf: commands as environment

2012-03-08 Thread Alon Bar-Lev
Just like CPP, CC, CXX, LD, AR, PKG_CONFIG Programs are expected to be in environment. The autoconf detection gets/sets these in environment too. 2012/3/8 Samuli Seppänen : > So, this patch replaces (removes?) the "--with--path" configure > options with environment variables, right?  For example, i

Re: [Openvpn-devel] [PATCH 35/52] build: proper selinux detection and usage

2012-03-08 Thread Alon Bar-Lev
I wrote this in the introduction of the patch set. There are two approaches to detecting dependencies: 1. Detect all compile time dependencies - you detect headers and libraries, this is probably the safest way to go, but makes the code very complex. 2. Detect library only - you assume that if lib

Re: [Openvpn-devel] [PATCH 41/52] build: autoconf: update defaults for options

2012-03-08 Thread Alon Bar-Lev
Yes. You cannot put '[' or ']' in m4. 2012/3/8 Samuli Seppänen : > I'd rather not RTFM... could somebody explain to me what the funky > "@<:@default=no@:>@" thing exactly does? Does it just add the default > "enabled/disabled" value to the help strings? > > If so it's an ACK. > > -- > Samuli Seppä

Re: [Openvpn-devel] [PATCH 47/52] build: move inet_ntop(), inet_pton() emulation into compat

2012-03-08 Thread Alon Bar-Lev
Not exactly... Windows has this in Vista and above. As long as we need to support XP we need to implement replacement functionality. 2012/3/8 Samuli Seppänen : > Windows has this functionality, but not under the same function names as > UNIX. So these two are just wrappers around the Windows-specif

Re: [Openvpn-devel] [PATCH 49/52] build: move wrappers into platform module

2012-03-08 Thread Alon Bar-Lev
Well, at first I wanted to split it into its own libplatform distinct from libcompat. libcompat - emulation of missing library functions, drop-in replacement. libplatform - extensions to library functions, such as unicode or security additions. But then I've seen that there is too much openvpn sp

Re: [Openvpn-devel] [PATCH 46/52] build: move daemon() emulation into compat

2012-03-08 Thread Alon Bar-Lev
daemon is gnu specific: --- CONFORMING TO Not in POSIX.1-2001. A similar function appears on the BSDs. The daemon() function first appeared in 4.4BSD. --- Solaris, uclibc and others do not have it. 2012/3/8 Samuli Seppänen : > Which platforms need daemon() emulation? Only Windows

Re: [Openvpn-devel] [PATCH 50/52] build: windows: install version.sh to allow installer read version

2012-03-08 Thread Alon Bar-Lev
Not exactly. It is used[1] by the packaging script... just sourced to get some environment variables. [1] https://github.com/alonbl/openvpn-build/blob/master/windows-nsis/build#L55 2012/3/8 Samuli Seppänen : > Is this meant to allow using these variables[1] in the NSIS script(s)? > > -- > Samuli

Re: [Openvpn-devel] [easy-rsa 1/4] cleanup: fix execute permission

2012-03-08 Thread Alon Bar-Lev
I can do this as well... unrelated to the packaging though... :) 2012/3/8 Samuli Seppänen : > ACK. A few related questions/suggestions: > > - perhaps "easy-rsa/1.0" could be removed altogether? > - perhaps "openssl-0.9.6.cnf" and any references to it could be removed > also? > > -- > Samuli Seppän

Re: [Openvpn-devel] [easy-rsa 4/4] packaging: rpm: initial add

2012-03-08 Thread Samuli Seppänen
Support for RPM in easy-rsa, nice. Feature-wise it's an ACK. Afaics autotools stuff is ok, but I'm no expert. Somebody else have a look please :). -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock PS. We need Debian rules files too... that's probably some

Re: [Openvpn-devel] [easy-rsa 3/4] build: doc

2012-03-08 Thread Samuli Seppänen
Looks good. Moves docs into a separate directory with its own makefile. Provided that patch 2/4 was sane autotools-wise, I give this one an ACK. -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock > Signed-off-by: Alon Bar-Lev > --- > Makefile.am

Re: [Openvpn-devel] [easy-rsa 2/4] build: simple autotools build

2012-03-08 Thread Samuli Seppänen
This patch copies COPYING and COPYRIGHT files from OpenVPN to the easy-rsa subproject, which makes sense. The Makefile.am and configure.ac look ok, but I'm far from an autotools expert. Consider this as a feature-ACK :). If not done already in later patches, I suggest replacing "OpenVPN" with "eas

Re: [Openvpn-devel] [easy-rsa 1/4] cleanup: fix execute permission

2012-03-08 Thread Samuli Seppänen
ACK. A few related questions/suggestions: - perhaps "easy-rsa/1.0" could be removed altogether? - perhaps "openssl-0.9.6.cnf" and any references to it could be removed also? -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock > Signed-off-by: Alon Bar-Lev

Re: [Openvpn-devel] [PATCH 52/52] build: use tap-windows.h as external dependency

2012-03-08 Thread Samuli Seppänen
If I understood this correctly, include/tap-windows.h gets removed, and will then be included using the same mechanism that's used to include LZO headers, OpenSSL headers, etc. I think this makes sense now that the TAP-driver is a separate subproject. ACK. -- Samuli Seppänen Community Manager Op

Re: [Openvpn-devel] [PATCH 51/52] build: distribute samples in windows

2012-03-08 Thread Samuli Seppänen
So, this essentially makes sure client.conf and server.conf are included in Windows (installers) as client.ovpn and server.ovpn? If so, ACK. -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock > Signed-off-by: Alon Bar-Lev > --- > configure.ac |

Re: [Openvpn-devel] [PATCH 50/52] build: windows: install version.sh to allow installer read version

2012-03-08 Thread Samuli Seppänen
Is this meant to allow using these variables[1] in the NSIS script(s)? -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock [1] OPENVPN_PACKAGE_NAME="@PACKAGE_NAME@" OPENVPN_PACKAGE_TARNAME="@PACKAGE_TARNAME@" OPENVPN_PACKAGE_VERSION="@PACKAGE_VERSION@" OPEN

Re: [Openvpn-devel] [PATCH 49/52] build: move wrappers into platform module

2012-03-08 Thread Samuli Seppänen
This probably makes sense, lots of good refactorings. That said, I'd like to know how you selected what goes to platform.c? -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock > + Some fixups within the platform.c functions. > - need to check environment se

Re: [Openvpn-devel] [PATCH 48/52] cleanup: move console related function into its own module

2012-03-08 Thread Samuli Seppänen
Currently many files (42) include misc.h, which is a lot. Also, misc.c is among the biggest files in the codebase[1], so splitting it into smaller files with good names and well-defined functionality makes sense: "Oh, this includes console.h, it must be using some console-related functions" Featur

Re: [Openvpn-devel] [PATCH 47/52] build: move inet_ntop(), inet_pton() emulation into compat

2012-03-08 Thread Samuli Seppänen
Windows has this functionality, but not under the same function names as UNIX. So these two are just wrappers around the Windows-specific functionality. In any case, I think it makes sense to move inet_pton and inet_ntop under src/compat. The actual code changes seem fairly trivial. ACK. -- Samul

Re: [Openvpn-devel] [PATCH 46/52] build: move daemon() emulation into compat

2012-03-08 Thread Samuli Seppänen
Which platforms need daemon() emulation? Only Windows? I think it makes sense to isolate OS compatibility functions to files under src/compat. Better than having them in misc.c. Also, I can't see any obvious issues with the patch, code-wise. ACK. -- Samuli Seppänen Community Manager OpenVPN Tec

Re: [Openvpn-devel] [PATCH 44/52] build: split out compat

2012-03-08 Thread Samuli Seppänen
The commit message makes sense to me, so it's a feature-ACK. Somebody else might want to look at the code itself. -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock > compat should not use any of the main project headers or conventions, > it should be a st

Re: [Openvpn-devel] [PATCH 42/52] build: win-msvc: msbuild format

2012-03-08 Thread Samuli Seppänen
A huge patch :). So, this basically adds the new MSVC build system, which we want, at least for now. All the changes to existing files are fairly trivial. I didn't go through all of this, but I suggest we give this one an ACK and fix any issues later on. I've tested this buildsystem and it worked

Re: [Openvpn-devel] [PATCH 41/52] build: autoconf: update defaults for options

2012-03-08 Thread Samuli Seppänen
I'd rather not RTFM... could somebody explain to me what the funky "@<:@default=no@:>@" thing exactly does? Does it just add the default "enabled/disabled" value to the help strings? If so it's an ACK. -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock >

Re: [Openvpn-devel] [PATCH 38/52] build: properly process lzo-stub

2012-03-08 Thread Samuli Seppänen
Much of this patch is about renaming LZO_STUB as the more descriptive ENABLE_LZO_STUB, and making things clearer is always good. Also, the LZO_STUB-related logic is moved out of syshead.h to configure.ac. Somebody with more autotools knowledge might want to review this just in case. If nobody spea

Re: [Openvpn-devel] [PATCH 37/52] build: proper pkcs11-helper detection and usage

2012-03-08 Thread Samuli Seppänen
These changes follow the same style as earlier patches, e.g. the selinux patch. Pkg-config is now being used to detect pkcs11-helper afaics. Also, pkcs11-helper is now disabled by default, which I think makes sense. I don't see why this shouldn't be included, so it's an ACK. -- Samuli Seppänen Comm

Re: [Openvpn-devel] [PATCH 36/52] build: distribute pkg.m4

2012-03-08 Thread Samuli Seppänen
If we need pkg-config, then we also want this one: "Macros to locate and utilise pkg-config" ACK. -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock > RHEL and others do not install this globally, so we provide our own copy. > > Signed-off-by: Alon Bar-

Re: [Openvpn-devel] [PATCH 35/52] build: proper selinux detection and usage

2012-03-08 Thread Samuli Seppänen
Looks like a cleaner implementation than the earlier one. I take it AC_CHECK_HEADER is not anymore needed to detect selinux.h, but why exactly? Besides that I give this one an ACK. -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock > Signed-off-by: Alon B

Re: [Openvpn-devel] [PATCH 33/52] build: properly detect and use socket libs

2012-03-08 Thread Samuli Seppänen
Did some digging regarding AC_SEARCH_LIBS and AC_CHECK_LIB. Somebody with more autotools knowledge might want to read this one: So, the question is: why AC_CHECK_LIB rather than AC_SEARCH_LIBS in this particular case? Apparently

Re: [Openvpn-devel] [PATCH 31/52] build: autoconf: commands as environment

2012-03-08 Thread Samuli Seppänen
So, this patch replaces (removes?) the "--with--path" configure options with environment variables, right? For example, if one has "ifconfig" in a non-standard place, he can set the IFCONFIG environment variable and the build will find it. Did I understand this correctly? I don't know autotool

Re: [Openvpn-devel] [PATCH 28/52] build: remove awk and non-standard autoconf output processing

2012-03-08 Thread Samuli Seppänen
This looks ok. If I understood it correctly, earlier the Makefile called configure_h.awk to parse config.h to generate configure.h. This configure.h file contained only two defines: #define CONFIGURE_DEFINES " ENABLE_CLIENT_SERVER ENABLE_DEBUG ENABLE_EUREPHIA ..." #define CONFIGURE_CALL " $ ./

Re: [Openvpn-devel] [PATCH 27/52] build: autoconf: remove OPENVPN_ADD_LIBS useless macro

2012-03-08 Thread Samuli Seppänen
Looks fairly straightforward: the OPENVPN_ADD_LIBS(LIB) macro[1] from "acinclude.m4" is being phased out, e.g. OPENVPN_ADD_LIBS(-ldmalloc) becomes LIBS="${LIBS} -ldmalloc" I don't think the macro does anything _that_ special it would be worth saving. ACK. -- Samuli Seppänen Community Manager

Re: [Openvpn-devel] OpenVPN Management Interface

2012-03-08 Thread Carsten Krüger
Hello David, > However, how will this approach make sure that malware don't use such a > (new) openvpn service to redirect all Internet traffic via a third-party > which can analyse everything happening? A malware on openvpn endpoint can analyse all decrypted traffic. No need to redirect. If you