[Openvpn-devel] [PATCH 2/2] Support creating iroute route entries on FreeBSD

n, gw, iface, table, metric); +} + +int +net_route_v6_del(openvpn_net_ctx_t *ctx, const struct in6_addr *dst, + int prefixlen, const struct in6_addr *gw, const char *iface, + uint32_t table, int metric) +{ +return net_route_v6("del", dst, prefixlen, gw, iface, table, metric); +} + +#endif -- 2.37.1 ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCHv2]: FreeBSD DCO support

fairly certain that any bug is going to be on the kernel side, so it makes sense to me to continue these changes while I dig into that. Best regards, Kristof ___________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH 1/2] ovpn-dco: introduce FreeBSD data-channel offload support

Remarks inline. Mostly ACK. I’ll post an updated version soon. (I’ve also added a check for UDP in dco_check_option_conflict_ce(). On 10 Aug 2022, at 18:32, Gert Doering wrote: > On Mon, Aug 08, 2022 at 04:34:23PM +0200, Kristof Provost via Openvpn-devel > wrote: >> diff --git a

Re: [Openvpn-devel] [PATCH 1/2] ovpn-dco: introduce FreeBSD data-channel offload support

On 13 Aug 2022, at 10:10, Gert Doering wrote: > On Thu, Aug 11, 2022 at 05:25:05PM +0200, Kristof Provost via Openvpn-devel > wrote: >>> - running openvpn over TCP gives me a kernel panic - this is not so >>>nice... (see attached .png from the vmware console) -

Re: [Openvpn-devel] [PATCH 1/2] ovpn-dco: introduce FreeBSD data-channel offload support

t+ca certificates to run against > our test server. > That’d be useful, yes. I’ve not yet been able to get the tests to run the way they’re supposed to. Best regards, Kristof _______ Openvpn-devel mailing list Openvpn-devel@list

[Openvpn-devel] Possible bug?

9-for-x86_64-baseos-rpms Red Hat Enterprise Linux 9 for x86_64 - BaseOS (RPMs) # getenforce Disabled # uname -a Linux test 5.14.0-70.22.1.el9_0.x86_64 #1 SMP PREEMPT Tue Aug 2 10:02:12 EDT 2022 x86_64 x86_64 x86_64 GNU/Linux Let me kn

Re: [Openvpn-devel] Possible bug?

. Thanks, Richard Sent with Proton Mail secure email. --- Original Message --- On Thursday, August 18th, 2022 at 02:37, Magnus Larsson via Openvpn-devel wrote: > Hi, > I just moved from Ubuntu 20.04 LTS (where the exact command works fine and > does not prompt for pass phras

Re: [Openvpn-devel] [PATCH] FreeBSD-DCO: repair device iteration to find first free interface.

", > ifr.ifr_data); > return ret; > } > > @@ -229,16 +231,7 @@ remove_interface(struct tuntap *tt) > int > open_tun_dco(struct tuntap *tt, openvpn_net_ctx_t *ctx, const char *dev) > { > - int ret; > - > - ret = create_interface(tt,

[Openvpn-devel] [PATCH] FreeBSD networking cleanup

gw, buf2, sizeof(buf2)), +table); argv_msg(M_INFO, &argv); status = openvpn_execve_check(&argv, NULL, 0, - "ERROR: FreeBSD route add command failed"); + "ERROR: FreeBSD route command failed"

[Openvpn-devel] [PATCH]: FreeBSD networking cleanup

ust remove the ‘add’, which makes the error message make sense for both add and del. Best regards, Kristof ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] DCO: require valid netbits setting for non-primary iroutes.

ir->netbits = netmask_to_netbits2(netmask); > + > +if (ir->netbits<0) And here too. So ‘if (ir->netbits < 0)’ > { > msg(msglevel, "in --iroute %s %s : Bad network/subnet > specification", > network_str, Regards, Kristof ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] Adjust Linux+FreeBSD DCO device name handling to 'non DCO linux style'

Ds anyway, > so is not the best model. > > Adjust open_tun_dco_generic() to document expected behaviour and > do the thing. > > Signed-off-by: Gert Doering Acked-by: Kristof Provost Kristof _______ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] big packet loss with FreeBSD DCO

s happening inside the DCO module". I'll > go instrument my kernel with printf()'s now... and will report if I find > anything useful. > Thanks! I’m on my way to Vienna for EuroBSDCon now, so I will be distracted until early next week, but when I’m back I shoul

Re: [Openvpn-devel] more crashes with FreeBSD DCO...

ampoline+0xe/frame 0xfe000859ef30 > --- trap 0, rip = 0, rsp = 0, rbp = 0 --- > KDB: enter: panic > ---<>--- > I can reproduce the memory leak, but not the panic. I’m also entirely unclear how if_ovpn would trigger anything in gtaskqueue*. It doesn’t use any task queues, on

Re: [Openvpn-devel] big packet loss with FreeBSD DCO

27;m not submitting a patch for that, because usually there is > a good reason for rounding up and doing blocks and all that - so, I > found the offending lines, but do not feel qualified for a correct > fix. > The offending code is almost certainly wrong. I know the guy who wrote them and … he means well ;) I think I was confused about what was needed in packet size. I’ll try to test your patch in the next couple of days. Kristof ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH 2/2] FreeBSD DCO: introduce real subnet mode

_ifmode(&tt->dco, i); > + > return 0; > } > > diff --git a/src/openvpn/ovpn_dco_freebsd.h b/src/openvpn/ovpn_dco_freebsd.h > index 7ceec06e..cf92d597 100644 > --- a/src/openvpn/ovpn_dco_freebsd.h > +++ b/src/openvpn/ovpn_dco_freebsd.h > @@ -60,5 +60,6 @@ enum ov

Re: [Openvpn-devel] [PATCH 1/2] FreeBSD: for topology subnet, put tun interface into IFF_BROADCAST mode

int i = IFF_POINTOPOINT | IFF_MULTICAST; > +if (tt->topology == TOP_SUBNET) > + { > +i = IFF_BROADCAST | IFF_MULTICAST; > + } > > if (ioctl(tt->fd, TUNSIFMODE, &i) < 0) > { > msg(M_WARN | M_ERRNO, "ioctl(TUNSIFMODE)"); > } > + > +/* multi_af mode for v4+v6, see "tun(4)" */ > i = 1; > if (ioctl(tt->fd, TUNSIFHEAD, &i) < 0) > { > -- > 2.37.3 > > > > ___ > Openvpn-devel mailing list > Openvpn-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-devel ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH]: FreeBSD DCO supports AES-192-GCM

Minor update, but FreeBSD's if_ovpn now also supports AES-192-GCM. We may as well announce this support. Best regards, Kristof ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/op

Re: [Openvpn-devel] [PATCH]: FreeBSD DCO supports AES-192-GCM

On 11 Nov 2022, at 11:36, Arne Schwabe wrote: Am 11.11.2022 um 11:20 schrieb Kristof Provost via Openvpn-devel: Minor update, but FreeBSD's if_ovpn now also supports AES-192-GCM. We may as well announce this support. This seems to be missing the patch. Git’s send-email sent it as a sep

[Openvpn-devel] [PATCH] FreeBSD DCO: support AES-192-GCM

S-128-GCM:CHACHA20-POLY1305"; +return "none:AES-256-GCM:AES-192-GCM:AES-128-GCM:CHACHA20-POLY1305"; } #endif /* defined(ENABLE_DCO) && defined(TARGET_FREEBSD) */ -- 2.38.1 _______ Openvpn-devel mailing list Openvpn-devel

[Openvpn-devel] [PATCH]: FreeBSD DCO can use the socket for control packets

Hi, The next e-mail has a patch to teach OpenVPN it can pass control packets through the socket on FreeBSD. This patch does that, and also removes the now unused dco_do_write() implementation. Best regards, Kristof ___ Openvpn-devel mailing list

[Openvpn-devel] [PATCH] dco: pass control packets through the socket on FreeBSD

l->dco_installed; #else return false; -- 2.38.1 _______ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH] dco: pass control packets through the socket on FreeBSD

l->dco_installed; #else return false; -- 2.38.1 _______ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [DRAFT]: packet counting for DCO

ets which go through the socket directly (so not through the DCO driver). This isn't intended to be a finished patch, rather it's intended to serve as a basis for discussion. Best regards, Kristof ___________ Openvpn-devel mailing list Openvpn-dev

[Openvpn-devel] [PATCH] Read DCO traffic stats from the kernel

read_bytes; counter_type link_read_bytes_auth; counter_type link_write_bytes; +counter_type dco_write_bytes; #ifdef PACKET_TRUNCATION_CHECK counter_type n_trunc_tun_read; counter_type n_trunc_tun_write; diff --git a/src/openvpn/ovpn_dco_freebsd.h b/src/ope

[Openvpn-devel] [PATCH 2/4] dco: Update counters when a client disconnects

i_context *m) dco->dco_message_type = 0; dco->dco_message_peer_id = -1; +dco->dco_read_bytes = 0; +dco->dco_write_bytes = 0; return ret > 0; } #endif /* if defined(ENABLE_DCO) && defined(TARGET_LINUX) */ -- 2.38.1 _______ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH]: FreeBSD DCO updates

/D37606 Best regards, Kristof ___________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH 4/4] dco: cleanup FreeBSD dco_do_read()

wn kernel notification %d", type); +break; } nvlist_destroy(nvl); -- 2.38.1 ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH 3/4] Read the peer deletion reason from the kernel

OVPN_NOTIF_DEL_PEER, }; +enum ovpn_del_reason { +OVPN_DEL_REASON_REQUESTED = 0, +OVPN_DEL_REASON_TIMEOUT = 1 +}; + enum ovpn_key_slot { OVPN_KEY_SLOT_PRIMARY = 0, OVPN_KEY_SLOT_SECONDARY = 1 -- 2.38.1 ___________ Openvpn-devel maili

[Openvpn-devel] [PATCH 1/4] Read DCO traffic stats from the kernel

er_type link_read_bytes; +counter_type dco_read_bytes; counter_type link_read_bytes_auth; counter_type link_write_bytes; +counter_type dco_write_bytes; #ifdef PACKET_TRUNCATION_CHECK counter_type n_trunc_tun_read; counter_type n_trunc_tun_write; diff --git a/src/openvpn/o

[Openvpn-devel] [PATCH 2/3] use new pkcs11-helper provider interface

er( provider, @@ -407,6 +441,7 @@ pkcs11_addProvider( cert_private )) != CKR_OK ) +#endif { msg(M_WARN, "PKCS#11: Cannot initialize provider '%s' %ld-'%s'", provider, rv, pkcs11h_getMessage(rv)); } -- 2.38.1.windows.1 ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH 1/3] unify code paths for loading PKCS11

, TRUE, 0, cert_private ? TRUE : FALSE)) { msg(M_FATAL, "PKCS#11: Cannot add provider '%s' %ld-'%s'", provider, rv, pkcs11h_getMessage(rv)); goto cleanup; -- 2.38.1.windows.1 ___________ Openvpn-de

[Openvpn-devel] [PATCH 3/3] special handling for PKCS11 providers on win32

quot;PKCS#11: Cannot set alternative loader flags '%s' %ld-'%s'", provider, rv, pkcs11h_getMessage(rv)); +} +#endif if ((rv = pkcs11h_initializeProvider(provider)) != CKR_OK) { pkcs11h_removeProvider(provider); -- 2.38.1.windows.1

[Openvpn-devel] [PATCH] support PKCS11 lib dependencies

. ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH v2 1/3] unify code path for adding PKCS#11 providers

TAL, "Failed to add PKCS#11 provider '%s", provider); goto cleanup; } -- 2.38.1.windows.1 ___________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH v2 2/3] use new pkcs11-helper interface to add providers

h_getMessage(rv)); } +#endif /* if PKCS11H_VERSION >= ((1<<16) | (28<<8) | (0<<0)) */ dmsg( D_PKCS11_DEBUG, -- 2.38.1.windows.1 ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH v2 3/3] special handling for PKCS11 providers on win32

LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR; +rv = pkcs11h_setProviderProperty(provider, PKCS11H_PROVIDER_PROPERTY_LOADER_FLAGS, &loader_flags, sizeof(loader_flags)); +} +#endif if (rv != CKR_OK || (rv = pkcs11h_initializeProvider(provider)) != CKR_OK) { -- 2.38

[Openvpn-devel] [PATCH v3 3/3] special handling for PKCS11 providers on win32

ags, sizeof(loader_flags)); +} +#endif if (rv != CKR_OK || (rv = pkcs11h_initializeProvider(provider)) != CKR_OK) { -- 2.38.1.windows.1 _______ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.ne

Re: [Openvpn-devel] [PATCH v2 3/3] special handling for PKCS11 providers on win32

also be an acceptable compromise: 3/3 v2 -> 2.6 branch 3/3 v3 -> master The timeline for pkcs11-helper releases is not something I even dare to predict. :) Regrads, Marc ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net

[Openvpn-devel] [PATCH] vcpkg-ports/pkcs11-helper: support loader flags

ig-w32-vc.h.in-indicate-OpenSSL.patch pkcs11-helper-001-RFC7512.patch +pkcs11-helper-002-dynamic_loader_flags.patch ) vcpkg_build_nmake( -- 2.39.0.windows.1 _______ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH 2/2] options.c: enforce a minimal fragment size

t;fragment needs to be at least 68"); +goto err; +} + if (p[2] && streq(p[2], "mtu")) { options->ce.fragment_encap = true; -- 2.39.2 ___________ Openvpn-devel mailing list Openvpn-devel@lists.

[Openvpn-devel] [PATCH 1/2] configure: improve FreeBSD DCO check

.]) +AC_MSG_WARN([DCO header not found.]) ] ) if test "$enable_dco" = "no"; then -- 2.39.2 ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH] dco: define OVPN_DEL_PEER_REASON_TRANSPORT_DISCONNECT on FreeBSD

ly, sometimes these -- 2.39.2 ___________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] dco: define OVPN_DEL_PEER_REASON_TRANSPORT_DISCONNECT on FreeBSD

On 3 Mar 2023, at 12:48, Antonio Quartulli wrote: > On 03/03/2023 12:27, Antonio Quartulli wrote: >> Hi, >> >> On 03/03/2023 12:05, Kristof Provost via Openvpn-devel wrote: >>> From: Kristof Provost >>> >>> FreeBSD's if_ovpn will never emit t

Re: [Openvpn-devel] [PATCH] dco: print version to log if available

to do for FreeBSD is to log the OS version. Kristof _______________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] dco: print version to log if available

gt; This said, reporting the kernel/os version is absolutely appropriate if > that's what identifies the DCO version. > There’s no API in FreeBSD’s DCO to identify its version either, which is another reason to just use the OS version. > Is that something you could implement in dco_fre

[Openvpn-devel] [PATCH] dco: print FreeBSD version

uot;%s", name.version); + +return (char *)out.data; } void -- 2.39.2 _______________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] dco: print FreeBSD version

On 9 Mar 2023, at 13:06, Arne Schwabe wrote: > Am 09.03.23 um 10:26 schrieb Kristof Provost via Openvpn-devel: >> From: Kristof Provost >> >> Implement dco_version_string() for FreeBSD. >> Unlike Linux and Windows the DCO driver is built into the operating >>

[Openvpn-devel] [PATCH] dco: print FreeBSD version

gt;version; } void -- 2.39.2 ___________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH] DCO: support key rotation notifications

+573,9 @@ bool tls_session_generate_data_channel_keys(struct tls_multi *multi, struct tls_session *session); +void +tls_session_soft_reset(struct tls_multi *multi); + /** * Load ovpn.xkey provider used for external key signing */ -- 2.40.0 ___

[Openvpn-devel] [PATCH] dco-linux: fix counter print format

if (tb[OVPN_GET_PEER_RESP_ATTR_VPN_TX_BYTES]) { c2->tun_write_bytes = nla_get_u64(tb[OVPN_GET_PEER_RESP_ATTR_VPN_TX_BYTES]); -msg(D_DCO_DEBUG, "%s / tun_write_bytes: %lu", __func__, +msg(D_DCO_DEBUG, "%s / tun_write_bytes: " counter_format,

[Openvpn-devel] [Openvpn-Devel] [PATCH] vcpkg-ports/pkcs11-helper: bump to version 1.30

er", -"version": "1.29.0", +"version": "1.30.0", "description": "pkcs11-helper is a library that simplifies the interaction with PKCS#11 providers for end-user applications.", "homepage": "https://github.com/OpenSC/pkcs11-helper";, "license": "BSD-3-Clause OR GPL-2.0-only" -- 2.43.0.windows.1 ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH] dco-freebsd: dynamically re-allocate buffer if it's too small

nvl) { msg(M_WARN, "Failed to unpack nvlist"); -- 2.43.0 ___________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH 3/3] netsh: Delete WINS servers on TUN close

get_win_sys_path(), +NETSH_PATH_SUFFIX, +tt->adapter_index); +netsh_command(&argv, 1, M_WARN); +} + if (ipv6 && tt->type == DEV_TYPE_TUN) { delete_route_connected_v6_net(tt); -- 2.28.0.windows.1 ___

[Openvpn-devel] [PATCH 1/3] netsh: Specify interfaces by index rather than name

vX delete address \"%s\" %s */ +/* netsh interface ipvX delete address %lu %s */ if (ipv6) { ifconfig_ip_local = print_in6_addr(tt->local_ipv6, 0, gc); @@ -6725,11 +6719,11 @@ netsh_delete_address_dns(const struct tuntap *tt, bool ipv6, struct gc_arena *gc ifconfig_ip_local = print_in_addr_t(tt->local, 0, gc); } argv_printf(&argv, -"%s%s interface %s delete address %s %s store=active", +"%s%s interface %s delete address %lu %s store=active", get_win_sys_path(), NETSH_PATH_SUFFIX, ipv6 ? "ipv6" : "ipv4", -tt->actual_name, +tt->adapter_index, ifconfig_ip_local); netsh_command(&argv, 1, M_WARN); -- 2.28.0.windows.1 ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH] openvpnmsica: Simplify find_adapters() to void return

rAdresses); cleanup_pAdapterList: tap_free_adapter_list(pAdapterList); -return uiResult; } -- 2.28.0.windows.1 _______ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH 2/3] netsh: Clear existing IPv6 DNS servers before configuring new ones

adapter_index); +netsh_command(&argv, 2, M_FATAL); + for (int i = 0; i < addr_len; ++i) { const char *fmt = (i == 0) ? -- 2.28.0.windows.1 _______ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.source

[Openvpn-devel] [PATCH] openvpnmsica: Skip legacy TAP-Windows6 adapters from evaluation

bitwise combination of the DN_* constants. */ +ULONG ulProblemNumber; /** When ulStatus has DN_HAS_PROBLEM set, this member is one of the CM_PROB_* constants. */ struct tap_adapter_node *pNext; /** Pointer to next adapter */ }; -- 2.28.0.windows.1 _______ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH] reliable: retransmit if 3 follow-up ACKs are received

} diff --git a/src/openvpn/reliable.h b/src/openvpn/reliable.h index a84d4290..bf0b561b 100644 --- a/src/openvpn/reliable.h +++ b/src/openvpn/reliable.h @@ -72,6 +72,7 @@ struct reliable_entry interval_t timeout; time_t next_try; packet_id_type packet_id; +size_t n_acks;

[Openvpn-devel] [Patch] Wipe Socks5 credentials after use

the authentication"); -return false; +goto cleanup; } -return true; +ret = true; +cleanup: +secure_memzero(&creds, sizeof(creds)); +secure_memzero(to_send, sizeof(to_send)); + return ret; } static bool -- 2.11.0 _

Re: [Openvpn-devel] [Patch] Wipe Socks5 credentials after use

Sorry about that! I'll send it again from my personal account later. -Original Message- From: Gert Doering [mailto:g...@greenie.muc.de] Sent: vrijdag 19 maart 2021 18:30 To: Maximilian Fillinger Cc: openvpn-devel@lists.sourceforge.net Subject: Re: [Openvpn-devel] [Patch] Wipe S

[Openvpn-devel] [PATCH 5/5] iservice: Resolve MSVC C4996 warnings

at(path, TEXT("\"")); +_tcscat_s(path, _countof(path), TEXT("\"")); svc_ctl_mgr = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT | SC_MANAGER_CREATE_SERVICE); if (svc_ctl_mgr == NULL) -- 2.30.0.windows.2 ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH 4/5] tapctl: Resolve MSVC C4996 warnings

e); *m = LoadLibraryW(libpath); if (*m == NULL) -- 2.30.0.windows.2 ___________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH 2/5] tun.c: Remove dead code

_ADDR_STRING */ -- 2.30.0.windows.2 _______________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH 1/5] MSVC: Disable LZ4

.30.0.windows.2 _______ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH 3/5] interactive.c: Resolve MSVC C4996 warning

istItem(&(*lists)[undo_type], tmp_name)) { free(tmp_name); -- 2.30.0.windows.2 ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH 4/5] tapctl: Resolve MSVC C4996 warnings

if (wcslen(libpath) + 1 /*\*/ + wcslen(libname) >= > > + _countof(libpath)) > > This random inline comment feels extremely weird. It's trying to describe the "+ 1" amounts for a backslash \ being strcat-ed in the process below. Regards, Simon __

Re: [Openvpn-devel] [PATCH 1/5] MSVC: Disable LZ4

in my sandbox only. Shall we drop this patch for now? Regards, Simon _______ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH v2 4/5] tapctl: Resolve MSVC C4996 warnings

scat_s(libpath, _countof(libpath), L"\\"); +wcscat_s(libpath, _countof(libpath), libname); *m = LoadLibraryW(libpath); if (*m == NULL) -- 2.30.0.windows.2 _______________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH] openvpnserv: Cache last error before it is overridden

openvpn_sntprintf(buf, _countof(buf), TEXT("%s (0x%x)"), tmp, GetLastError()); +openvpn_sntprintf(buf, _countof(buf), TEXT("%s (0x%x)"), tmp, error); } if (tmp) -- 2.30.0.windows.2 _______________ Openvpn-devel mailing list

[Openvpn-devel] PID is deleted unconditionally on exit

/p/openvpn/mailman/message/37055147/ OpenPGP_signature Description: OpenPGP digital signature _______ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH] Add ability to specify initialize flags for pkcs11 provider

11: pkcs11_addProvider - return rv=%ld-'%s'", -rv, -pkcs11h_getMessage(rv) -); +"PKCS#11: pkcs11 registration is %s", + success ? "success" : "failed" + ); -return rv == CKR_OK; +return success; } int diff --git a/src/openvpn/pkcs11.h b/src/openvpn/pkcs11.h index ec524706..bf3f2dfa 100644 --- a/src/openvpn/pkcs11.h +++ b/src/openvpn/pkcs11.h @@ -42,7 +42,8 @@ pkcs11_addProvider( const char *const provider, const bool fProtectedAuthentication, const unsigned private_mode, -const bool fCertIsPrivate +const bool fCertIsPrivate, +const unsigned init_flags ); int -- 2.31.1 ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH DCO]: cleanups prior to FreeBSD DCO support

istof ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH 3/3] dco: Check for ipi_addr before using it

struct sockaddr_storage *local) { -#if ENABLE_IP_PKTINFO +#if ENABLE_IP_PKTINFO && defined(HAVE_IN_PKTINFO) struct context *c = &mi->context; if (!(c->options.sockflags & SF_USE_IP_PKTINFO)) -- 2.35.1 _______ Openvpn-

[Openvpn-devel] [PATCH 2/3] open_tun_generic(): Do not consider open_tun_dco() returning 0 to be an error

rue; } -else +else if (ret != 0) { msg(M_ERR, "Cannot open TUN/TAP dev %s: %d", dynamic_name, ret); } -- 2.35.1 _______ Openvpn-devel mailing list

[Openvpn-devel] [PATCH 1/3] dco: dco_meesage_peer_id -> dco_message_peer_id

peer_id < m->max_clients) && (m->instances[peer_id])) { @@ -3204,7 +3204,7 @@ multi_process_incoming_dco(struct multi_context *m) } dco->dco_message_type = 0; -dco->dco_meesage_peer_id = -1; + dco->dco_message_peer_id = -1; return ret > 0; }

[Openvpn-devel] [PATCH 2/3] open_tun_generic(): Do not consider open_tun_dco() returning 0 to be an error

rue; } -else +else if (ret != 0) { msg(M_ERR, "Cannot open TUN/TAP dev %s: %d", dynamic_name, ret); } -- 2.35.1 _______ Openvpn-devel mailing list

[Openvpn-devel] [PATCH 3/3] dco: Check for ipi_addr before using it

struct sockaddr_storage *local) { -#if ENABLE_IP_PKTINFO +#if ENABLE_IP_PKTINFO && defined(HAVE_IN_PKTINFO) struct context *c = &mi->context; if (!(c->options.sockflags & SF_USE_IP_PKTINFO)) -- 2.35.1 _______ Openvpn-

[Openvpn-devel] [PATCH DCO]: cleanups prior to FreeBSD DCO support

istof ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH 1/3] dco: dco_meesage_peer_id -> dco_message_peer_id

peer_id < m->max_clients) && (m->instances[peer_id])) { @@ -3204,7 +3204,7 @@ multi_process_incoming_dco(struct multi_context *m) } dco->dco_message_type = 0; -dco->dco_meesage_peer_id = -1; + dco->dco_message_peer_id = -1; return ret > 0; }

[Openvpn-devel] [PATCH DCO]: FreeBSD DCO support

to provide them, if only as stubs. I've not done that here. For those interested in testing, the kernel side of things is under review here: https://reviews.freebsd.org/D34340 Best, Kristof _______________ Openvpn-devel mailing list Openvpn-devel@lists.source

[Openvpn-devel] [PATCH 1/2] dco: process DCO control packets

n; +c->c2.from = lsi->lsa->actual; + +process_incoming_link(c); +buf_init(&c->c1.tuntap->dco.dco_packet_in, 0); } /* -- 2.35.1 _______________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH 2/2] ovpn-dco: introduce FreeBSD data-channel offload support

dynamic_name, sizeof(dynamic_name), "%s%d", dev, i); -#ifdef TARGET_LINUX +#if defined(TARGET_LINUX) || defined(TARGET_FREEBSD) if (!tt->options.disable_dco) { if (open_tun_dco(tt, ctx,

Re: [Openvpn-devel] [PATCH 2/2] ovpn-dco: introduce FreeBSD data-channel offload support

On 8 Mar 2022, at 15:16, Antonio Quartulli wrote: > Hi Kristof, > > A quick question for you, see below > > On 24/02/2022 17:55, Kristof Provost via Openvpn-devel wrote: >> --- a/configure.ac >> +++ b/configure.ac >> @@ -787,7 +787,20 @@ dnl >>

Re: [Openvpn-devel] [PATCH DCO]: FreeBSD DCO support

On 8 Mar 2022, at 15:23, Antonio Quartulli wrote: > On 24/02/2022 17:55, Kristof Provost via Openvpn-devel wrote: >> I've had to add a lot of '|| defined(TARGET_FREEBSD)', and I think the >> code could be a bit cleaner if we'd make these calls conditional

Re: [Openvpn-devel] [PATCH 2/2] ovpn-dco: introduce FreeBSD data-channel offload support

use I’m used to FreeBSD’s style (https://www.freebsd.org/cgi/man.cgi?query=style&apropos=0&sektion=0&manpath=FreeBSD+13.0-RELEASE+and+Ports&arch=default&format=html), but consistency is important. I’ll update the patch (and also address the SET_TIMEOUT thing) soon. I’ve got a

[Openvpn-devel] [PATCH] ovpn-dco: introduce FreeBSD data-channel offload support

t char *dev_node, "/dev/%s%d", dev, i); openvpn_snprintf(dynamic_name, sizeof(dynamic_name), "%s%d", dev, i); -#ifdef TARGET_LINUX +#if defined(TARGET_LINUX) || defined(TARG

[Openvpn-devel] [PATCH DCO]: FreeBSD DCO support

Hi, Here's an updated version of the FreeBSD DCO patch. It addresses a few code style issues, moves the if_ovpn.h header into the tree and is rebased on top of the latest DCO branch version. Best regards, Kristof ___ Openvpn-devel mailing

[Openvpn-devel] [PATCH] ovpn-dco: introduce FreeBSD data-channel offload support

s%d", dev, i); openvpn_snprintf(dynamic_name, sizeof(dynamic_name), "%s%d", dev, i); -#ifdef TARGET_LINUX +#if defined(TARGET_LINUX) || defined(TARGET_FREEBSD) if (!tt->options.disable_dco) { if (open_tun_dco(tt, ctx, dynamic_name) == 0) @@ -1831,7 +1831,7 @@ open_tun_generic(const char *dev, const char *dev_type, const char *dev_node, } } -#ifdef TARGET_LINUX +#if defined(TARGET_LINUX) || defined(TARGET_FREEBSD) if (!tt->options.disable_dco) { if (!dynamic_opened) @@ -2011,7 +2011,7 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun { open_null(tt); } -#if defined(TARGET_LINUX) +#if defined(TARGET_LINUX) || defined(TARGET_FREEBSD) else if (!tt->options.disable_dco) { open_tun_generic(dev, dev_type, NULL, true, tt, ctx); @@ -2267,7 +2267,7 @@ close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx) net_ctx_reset(ctx); } -#ifdef TARGET_LINUX +#if defined(TARGET_LINUX) || defined(TARGET_FREEBSD) if (!tt->options.disable_dco) { close_tun_dco(tt, ctx); diff --git a/src/openvpn/tun.h b/src/openvpn/tun.h index fee2c61c..4490ae9a 100644 --- a/src/openvpn/tun.h +++ b/src/openvpn/tun.h @@ -145,6 +145,12 @@ struct tuntap_options { bool disable_dco; }; +#elif defined(TARGET_FREEBSD) + +struct tuntap_options { +bool disable_dco; +}; + #else /* if defined(_WIN32) || defined(TARGET_ANDROID) */ struct tuntap_options { -- 2.35.1 ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH DCO]: FreeBSD DCO support

istof ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] OpenVPN encryption architecture

on is successful?  I found the article about authentication but it didn't describe the process after authentication.  Thanks for your help._______ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH DCO]: FreeBSD DCO support

s, Kristof _______ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH] pass vpn addresses to the kernel

; +} + +if (remote_in6) +{ +nvlist_add_binary(nvl, "vpn_ipv6", remote_in6, sizeof(*remote_in6)); +} + nvlist_add_number(nvl, "fd", sd); nvlist_add_number(nvl, "peerid", peerid); -- 2.35.1 ________

[Openvpn-devel] [PATCH] ovpn-dco: introduce FreeBSD data-channel offload support

100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -1796,7 +1796,7 @@ open_tun_generic(const char *dev, const char *dev_type, const char *dev_node, "/dev/%s%d", dev, i); openvpn_snprintf(dynamic_name, sizeof(dynamic_name), "%s%d", dev, i); -#ifdef TARGET_LINUX +#if defined(TARGET_LINUX) || defined(TARGET_FREEBSD) if (!tt->options.disable_dco) { if (open_tun_dco(tt, ctx, dynamic_name) == 0) @@ -1831,7 +1831,7 @@ open_tun_generic(const char *dev, const char *dev_type, const char *dev_node, } } -#ifdef TARGET_LINUX +#if defined(TARGET_LINUX) || defined(TARGET_FREEBSD) if (!tt->options.disable_dco) { if (!dynamic_opened) @@ -2011,7 +2011,7 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun { open_null(tt); } -#if defined(TARGET_LINUX) +#if defined(TARGET_LINUX) || defined(TARGET_FREEBSD) else if (!tt->options.disable_dco) { open_tun_generic(dev, dev_type, NULL, true, tt, ctx); @@ -2267,7 +2267,7 @@ close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx) net_ctx_reset(ctx); } -#ifdef TARGET_LINUX +#if defined(TARGET_LINUX) || defined(TARGET_FREEBSD) if (!tt->options.disable_dco) { close_tun_dco(tt, ctx); diff --git a/src/openvpn/tun.h b/src/openvpn/tun.h index fee2c61c..4490ae9a 100644 --- a/src/openvpn/tun.h +++ b/src/openvpn/tun.h @@ -145,6 +145,12 @@ struct tuntap_options { bool disable_dco; }; +#elif defined(TARGET_FREEBSD) + +struct tuntap_options { +bool disable_dco; +}; + #else /* if defined(_WIN32) || defined(TARGET_ANDROID) */ struct tuntap_options { -- 2.35.1 ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH DCO]: FreeBSD DCO support

server mode support, which required this information. This requires the FreeBSD driver in https://reviews.freebsd.org/D34340 Best regards, Kristof ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists

[Openvpn-devel] [PATCH DCO]: Handle (DCO) timeouts in client mode

100% sure this patch does the correct thing, but we do need to do something at the point it changes. Br, Kristof _______ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH] Handle (DCO) timeouts in client mode

;ping timeout"); +return; +} + if (dco->dco_message_type != OVPN_CMD_PACKET) { msg(D_DCO_DEBUG, "%s: received message of type %u - ignoring", __func__, -- 2.36.0 ___________ Openvpn-devel mailing list Openvpn-de

[Openvpn-devel] [PATCHv2 DCO]: Handle (DCO) timeouts in client mode

Updated version of the timeout fix for client mode. This time with trigger_ping_timeout_signal() as suggested by Arne. Best regards, Kristof ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists

[Openvpn-devel] [PATCH] Handle (DCO) timeouts in client mode

return; +} + if (dco->dco_message_type != OVPN_CMD_PACKET) { msg(D_DCO_DEBUG, "%s: received message of type %u - ignoring", __func__, -- 2.36.0 ___________ Openvpn-devel mailing list Openvpn-devel@lists.

Re: [Openvpn-devel] [PATCH] Handle (DCO) timeouts in client mode

On 27 Apr 2022, at 9:55, Antonio Quartulli wrote: > Hi Kristof, > > On 27/04/2022 09:48, Kristof Provost via Openvpn-devel wrote: >> From: Kristof Provost >> >> Handle the DCO driver telling us that the peer went away, even if we're >> not running in multi-

<    1   2   3   4   >