From: ordex (C. Review) <ge...@op...> - 2025-07-22 20:27:35
|
ordex has abandoned this change. ( http://gerrit.openvpn.net/c/openvpn/+/1097?usp=email )

Change subject: add context to dco-linux.h
......................................................................

Abandoned

this was supposed to be merged with another commit

--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1097?usp=email
To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I53ce262c19321759be9adb341ce5d900e5874d13
Gerrit-Change-Number: 1097
Gerrit-PatchSet: 1
Gerrit-Owner: ordex <an...@ma...>
Gerrit-Reviewer: flichtenheld <fr...@li...>
Gerrit-Reviewer: plaisthos <arn...@rf...>
Gerrit-CC: openvpn-devel <ope...@li...>
Gerrit-MessageType: abandon
From: ordex (C. Review) <ge...@op...> - 2025-07-22 20:27:02
|
Attention is currently required from: flichtenheld, plaisthos. Hello flichtenheld, plaisthos, I'd like you to reexamine a change. Please visit http://gerrit.openvpn.net/c/openvpn/+/1094?usp=email to look at the new patch set (#2). Change subject: dco: only pass struct context to init function ...................................................................... dco: only pass struct context to init function Future DCO code will require accessing the `multi` member of the context object. For this reason a pointer to the context has to be stored in the DCO context along with the rest. At this point, rather than making the call to ovpn_dco_init() longer with more and more parameters, pass the struct context only and let the implementation extract the needed fields. Change-Id: I673a17f8c5dec66cc6c28c1ed44780a7a63927d7 Signed-off-by: Antonio Quartulli <an...@ma...> --- M src/openvpn/dco.h M src/openvpn/dco_freebsd.c M src/openvpn/dco_linux.c M src/openvpn/dco_linux.h M src/openvpn/init.c 5 files changed, 15 insertions(+), 9 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/94/1094/2 diff --git a/src/openvpn/dco.h b/src/openvpn/dco.h index f38316d..9c5c01a 100644 --- a/src/openvpn/dco.h +++ b/src/openvpn/dco.h @@ -104,12 +104,10 @@ /** * Initialize the DCO context * - * @param mode the instance operating mode (P2P or multi-peer) - * @param dco the context to initialize - * @param dev_node device node, used on Windows to specify certain DCO adapter + * @param c the main instance context * @return true on success, false otherwise */ -bool ovpn_dco_init(int mode, dco_context_t *dco, const char *dev_node); +bool ovpn_dco_init(struct context *c); /** * Open/create a DCO interface diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c index b8816c6..98d8fb5 100644 --- a/src/openvpn/dco_freebsd.c +++ b/src/openvpn/dco_freebsd.c 
@@ -165,9 +165,9 @@ } bool -ovpn_dco_init(int mode, dco_context_t *dco, const char *dev_node) +ovpn_dco_init(struct context *c) { - if (open_fd(dco) < 0) + if (open_fd(&c->c1.tuntap->dco) < 0) { msg(M_ERR, "Failed to open socket"); return false; diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c index f04ebfe..c92c196 100644 --- a/src/openvpn/dco_linux.c +++ b/src/openvpn/dco_linux.c @@ -438,9 +438,11 @@ } bool -ovpn_dco_init(int mode, dco_context_t *dco, const char *dev_node) +ovpn_dco_init(struct context *c) { - switch (mode) + dco_context_t *dco = &c->c1.tuntap->dco; + + switch (c->mode) { case CM_TOP: dco->ifmode = OVPN_MODE_MP; @@ -454,6 +456,10 @@ ASSERT(false); } + /* store pointer to context as it may be required by message + * parsing routines + */ + dco->c = c; ovpn_dco_init_netlink(dco); return true; } diff --git a/src/openvpn/dco_linux.h b/src/openvpn/dco_linux.h index 676b8cd..5e61cf1 100644 --- a/src/openvpn/dco_linux.h +++ b/src/openvpn/dco_linux.h @@ -65,6 +65,8 @@ struct nl_cb *nl_cb; int status; + struct context *c; + enum ovpn_mode ifmode; int ovpn_dco_id; diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 77747a2..aac8a6a 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c 
@@ -2007,7 +2007,7 @@ if (dco_enabled(&c->options)) { - ovpn_dco_init(c->mode, &c->c1.tuntap->dco, c->options.dev_node); + ovpn_dco_init(c); } /* open the tun device */ -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1094?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I673a17f8c5dec66cc6c28c1ed44780a7a63927d7 Gerrit-Change-Number: 1094 Gerrit-PatchSet: 2 Gerrit-Owner: ordex <an...@ma...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-MessageType: newpatchset |
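Review bot: the new prototype in dco.h, bool ovpn_dco_init(struct context *c), drops dev_node, which the removed comment documented as "used on Windows to specify certain DCO adapter", yet the file list only updates dco_freebsd.c and dco_linux.c. If any other platform backend still defines the three-argument form it will no longer match this declaration; either convert it in the same change or say in the commit message why no other backend is affected.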
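Review bot: in dco_linux.h the new member struct context *c; is added without a comment, while in dco_linux.c ovpn_dco_init() sets dco->c = c on an object that itself lives inside c (c->c1.tuntap->dco). Document on the field that it is a non-owning back-pointer and which context it must refer to, and consider resetting it where the DCO context is torn down, so that message-parsing code cannot follow it after the context has gone away.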
From: ordex (C. Review) <ge...@op...> - 2025-07-22 20:22:39
|
Attention is currently required from: flichtenheld, plaisthos. Hello plaisthos, flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/1099?usp=email to review the following change. Change subject: dco_linux: factor out netlink notification code ...................................................................... dco_linux: factor out netlink notification code ovpn_handle_msg() is soon becoming the main entry point for parsing *all* incoming netlink messages. For this reason it is essential that this function is kept simple and slim. Move all code parsing netlink multicast notifications to their own helpers and then invoke them. This patch does not introduce any functional change. It is intended in preparation for extending ovpn_handle_msg() to become a generic netlink message parser. Change-Id: I7bbc40b7b66f6e0512cd2cf9791766bcc4970461 Signed-off-by: Antonio Quartulli <an...@ma...> --- M src/openvpn/dco_linux.c 1 file changed, 150 insertions(+), 111 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/99/1099/1 diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c index ec6efaa..0a22879 100644 --- a/src/openvpn/dco_linux.c +++ b/src/openvpn/dco_linux.c 
@@ -956,6 +956,153 @@ return NL_OK; } +static int +ovpn_handle_peer_del_ntf(dco_context_t *dco, struct nlattr *attrs[]) +{ + /* we must know which interface this message is referring to in order to + * avoid mixing messages for other instances + */ + if (!attrs[OVPN_A_IFINDEX]) + { + msg(D_DCO, "ovpn-dco: Received message without ifindex"); + return NL_STOP; + } + + if (!attrs[OVPN_A_PEER]) + { + msg(D_DCO, "ovpn-dco: no peer in PEER_DEL_NTF message"); + return NL_STOP; + } + + struct nlattr *dp_attrs[OVPN_A_PEER_MAX + 1]; + if (nla_parse_nested(dp_attrs, OVPN_A_PEER_MAX, attrs[OVPN_A_PEER], + NULL)) + { + msg(D_DCO, "ovpn-dco: can't parse peer in PEER_DEL_NTF messsage"); + return NL_STOP; + } + + if (!dp_attrs[OVPN_A_PEER_DEL_REASON]) + { + msg(D_DCO, "ovpn-dco: no reason in PEER_DEL_NTF message"); + return NL_STOP; + } + if (!dp_attrs[OVPN_A_PEER_ID]) + { + msg(D_DCO, "ovpn-dco: no peer-id in PEER_DEL_NTF message"); + return NL_STOP; + } + + int reason = nla_get_u32(dp_attrs[OVPN_A_PEER_DEL_REASON]); + unsigned int peerid = nla_get_u32(dp_attrs[OVPN_A_PEER_ID]); + + msg(D_DCO_DEBUG, "ovpn-dco: received CMD_PEER_DEL_NTF, ifindex: %d, peer-id %u, reason: %d", + dco->ifindex, peerid, reason); + dco->dco_message_peer_id = peerid; + dco->dco_del_peer_reason = reason; + dco->dco_message_type = OVPN_CMD_PEER_DEL_NTF; + + return NL_OK; +} + +static int +ovpn_handle_peer_float_ntf(dco_context_t *dco, struct nlattr *attrs[]) +{ + /* we must know which interface this message is referring to in order to + * avoid mixing messages for other instances + */ + if (!attrs[OVPN_A_IFINDEX]) + { + msg(D_DCO, "ovpn-dco: Received message without ifindex"); + return NL_STOP; + } + + if (!attrs[OVPN_A_PEER]) + { + msg(D_DCO, "ovpn-dco: no peer in PEER_FLOAT_NTF message"); + return NL_STOP; + } + + struct nlattr *fp_attrs[OVPN_A_PEER_MAX + 1]; + if (nla_parse_nested(fp_attrs, OVPN_A_PEER_MAX, attrs[OVPN_A_PEER], + NULL)) + { + msg(D_DCO, "ovpn-dco: can't parse peer in PEER_FLOAT_NTF 
messsage"); + return NL_STOP; + } + + if (!fp_attrs[OVPN_A_PEER_ID]) + { + msg(D_DCO, "ovpn-dco: no peer-id in PEER_FLOAT_NTF message"); + return NL_STOP; + } + uint32_t peerid = nla_get_u32(fp_attrs[OVPN_A_PEER_ID]); + + if (!ovpn_parse_float_addr(fp_attrs, (struct sockaddr *)&dco->dco_float_peer_ss)) + { + return NL_STOP; + } + + struct gc_arena gc = gc_new(); + msg(D_DCO_DEBUG, + "ovpn-dco: received CMD_PEER_FLOAT_NTF, ifindex: %u, peer-id %u, address: %s", + dco->ifindex, peerid, print_sockaddr((struct sockaddr *)&dco->dco_float_peer_ss, &gc)); + dco->dco_message_peer_id = (int)peerid; + dco->dco_message_type = OVPN_CMD_PEER_FLOAT_NTF; + + gc_free(&gc); + + return NL_OK; +} + +static int +ovpn_handle_key_swap_ntf(dco_context_t *dco, struct nlattr *attrs[]) +{ + /* we must know which interface this message is referring to in order to + * avoid mixing messages for other instances + */ + if (!attrs[OVPN_A_IFINDEX]) + { + msg(D_DCO, "ovpn-dco: Received message without ifindex"); + return NL_STOP; + } + + if (!attrs[OVPN_A_KEYCONF]) + { + msg(D_DCO, "ovpn-dco: no keyconf in KEY_SWAP_NTF message"); + return NL_STOP; + } + + struct nlattr *dp_attrs[OVPN_A_KEYCONF_MAX + 1]; + if (nla_parse_nested(dp_attrs, OVPN_A_KEYCONF_MAX, + attrs[OVPN_A_KEYCONF], NULL)) + { + msg(D_DCO, "ovpn-dco: can't parse keyconf in KEY_SWAP_NTF message"); + return NL_STOP; + } + if (!dp_attrs[OVPN_A_KEYCONF_PEER_ID]) + { + msg(D_DCO, "ovpn-dco: no peer-id in KEY_SWAP_NTF message"); + return NL_STOP; + } + if (!dp_attrs[OVPN_A_KEYCONF_KEY_ID]) + { + msg(D_DCO, "ovpn-dco: no key-id in KEY_SWAP_NTF message"); + return NL_STOP; + } + + int key_id = nla_get_u16(dp_attrs[OVPN_A_KEYCONF_KEY_ID]); + unsigned int peer_id = nla_get_u32(dp_attrs[OVPN_A_KEYCONF_PEER_ID]); + + msg(D_DCO_DEBUG, "ovpn-dco: received CMD_KEY_SWAP_NTF, ifindex: %d, peer-id %u, key-id: %d", + dco->ifindex, peer_id, key_id); + dco->dco_message_peer_id = peer_id; + dco->dco_message_key_id = key_id; + dco->dco_message_type = 
OVPN_CMD_KEY_SWAP_NTF; + + return NL_OK; +} + /* This function parses any netlink message sent by ovpn-dco to userspace */ static int ovpn_handle_msg(struct nl_msg *msg, void *arg) @@ -979,15 +1126,6 @@ return NL_STOP; } - /* we must know which interface this message is referring to in order to - * avoid mixing messages for other instances - */ - if (!attrs[OVPN_A_IFINDEX]) - { - msg(D_DCO, "ovpn-dco: Received message without ifindex"); - return NL_STOP; - } - uint32_t ifindex = nla_get_u32(attrs[OVPN_A_IFINDEX]); if (ifindex != dco->ifindex) { 
@@ -1008,116 +1146,17 @@ { case OVPN_CMD_PEER_DEL_NTF: { - if (!attrs[OVPN_A_PEER]) - { - msg(D_DCO, "ovpn-dco: no peer in PEER_DEL_NTF message"); - return NL_STOP; - } - - struct nlattr *dp_attrs[OVPN_A_PEER_MAX + 1]; - if (nla_parse_nested(dp_attrs, OVPN_A_PEER_MAX, attrs[OVPN_A_PEER], - NULL)) - { - msg(D_DCO, "ovpn-dco: can't parse peer in PEER_DEL_NTF messsage"); - return NL_STOP; - } - - if (!dp_attrs[OVPN_A_PEER_DEL_REASON]) - { - msg(D_DCO, "ovpn-dco: no reason in PEER_DEL_NTF message"); - return NL_STOP; - } - if (!dp_attrs[OVPN_A_PEER_ID]) - { - msg(D_DCO, "ovpn-dco: no peer-id in PEER_DEL_NTF message"); - return NL_STOP; - } - - int reason = nla_get_u32(dp_attrs[OVPN_A_PEER_DEL_REASON]); - unsigned int peerid = nla_get_u32(dp_attrs[OVPN_A_PEER_ID]); - - msg(D_DCO_DEBUG, "ovpn-dco: received CMD_PEER_DEL_NTF, ifindex: %d, peer-id %u, reason: %d", - ifindex, peerid, reason); - dco->dco_message_peer_id = peerid; - dco->dco_del_peer_reason = reason; - dco->dco_message_type = OVPN_CMD_PEER_DEL_NTF; - break; + return ovpn_handle_peer_del_ntf(dco, attrs); } case OVPN_CMD_PEER_FLOAT_NTF: { - if (!attrs[OVPN_A_PEER]) - { - msg(D_DCO, "ovpn-dco: no peer in PEER_FLOAT_NTF message"); - return NL_STOP; - } - - struct nlattr *fp_attrs[OVPN_A_PEER_MAX + 1]; - if (nla_parse_nested(fp_attrs, OVPN_A_PEER_MAX, attrs[OVPN_A_PEER], - NULL)) - { - msg(D_DCO, "ovpn-dco: can't parse peer in PEER_FLOAT_NTF messsage"); - return NL_STOP; - } - - if (!fp_attrs[OVPN_A_PEER_ID]) - { - msg(D_DCO, "ovpn-dco: no peer-id in PEER_FLOAT_NTF message"); - return NL_STOP; - } - uint32_t peerid = nla_get_u32(fp_attrs[OVPN_A_PEER_ID]); - - if (!ovpn_parse_float_addr(fp_attrs, (struct sockaddr *)&dco->dco_float_peer_ss)) - { - return NL_STOP; - } - - struct gc_arena gc = gc_new(); - msg(D_DCO_DEBUG, - "ovpn-dco: received CMD_PEER_FLOAT_NTF, ifindex: %u, peer-id %u, address: %s", - ifindex, peerid, print_sockaddr((struct sockaddr *)&dco->dco_float_peer_ss, &gc)); - dco->dco_message_peer_id = 
(int)peerid; - dco->dco_message_type = OVPN_CMD_PEER_FLOAT_NTF; - - gc_free(&gc); - break; + return ovpn_handle_peer_float_ntf(dco, attrs); } case OVPN_CMD_KEY_SWAP_NTF: { - if (!attrs[OVPN_A_KEYCONF]) - { - msg(D_DCO, "ovpn-dco: no keyconf in KEY_SWAP_NTF message"); - return NL_STOP; - } - - struct nlattr *dp_attrs[OVPN_A_KEYCONF_MAX + 1]; - if (nla_parse_nested(dp_attrs, OVPN_A_KEYCONF_MAX, - attrs[OVPN_A_KEYCONF], NULL)) - { - msg(D_DCO, "ovpn-dco: can't parse keyconf in KEY_SWAP_NTF message"); - return NL_STOP; - } - if (!dp_attrs[OVPN_A_KEYCONF_PEER_ID]) - { - msg(D_DCO, "ovpn-dco: no peer-id in KEY_SWAP_NTF message"); - return NL_STOP; - } - if (!dp_attrs[OVPN_A_KEYCONF_KEY_ID]) - { - msg(D_DCO, "ovpn-dco: no key-id in KEY_SWAP_NTF message"); - return NL_STOP; - } - - int key_id = nla_get_u16(dp_attrs[OVPN_A_KEYCONF_KEY_ID]); - unsigned int peer_id = nla_get_u32(dp_attrs[OVPN_A_KEYCONF_PEER_ID]); - - msg(D_DCO_DEBUG, "ovpn-dco: received CMD_KEY_SWAP_NTF, ifindex: %d, peer-id %u, key-id: %d", - ifindex, peer_id, key_id); - dco->dco_message_peer_id = peer_id; - dco->dco_message_key_id = key_id; - dco->dco_message_type = OVPN_CMD_KEY_SWAP_NTF; - break; + return ovpn_handle_key_swap_ntf(dco, attrs); } default: -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1099?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I7bbc40b7b66f6e0512cd2cf9791766bcc4970461 Gerrit-Change-Number: 1099 Gerrit-PatchSet: 1 Gerrit-Owner: ordex <an...@ma...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-MessageType: newchange |
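Review bot: in the @@ -979,15 +1126,6 @@ hunk of ovpn_handle_msg() the attrs[OVPN_A_IFINDEX] NULL check is removed, but the unchanged line right after it, uint32_t ifindex = nla_get_u32(attrs[OVPN_A_IFINDEX]);, still runs first, so a message without that attribute now reaches nla_get_u32() with a NULL pointer before any of the new helpers gets a chance to reject it. That is a behaviour change in a patch described as having none; keep the check in ovpn_handle_msg() for as long as the ifindex read stays there, which also makes the three copies in the helpers unnecessary.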
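Review bot: in the last hunk the three case bodies stop ending in break; and instead do return ovpn_handle_peer_del_ntf(dco, attrs); (and likewise for float and key swap), so whatever ovpn_handle_msg() does after the switch is now skipped for these commands. If nothing of consequence follows the switch, state that in the commit message next to the "no functional change" claim; otherwise store the helper's result, return early only when it is not NL_OK, and keep the break.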
From: ordex (C. Review) <ge...@op...> - 2025-07-22 20:22:38
|
Attention is currently required from: flichtenheld, plaisthos. Hello plaisthos, flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/1100?usp=email to review the following change. Change subject: dco_linux: fix async message reception ...................................................................... dco_linux: fix async message reception Currently whenever we send a PEER_GET request to ovpn, we also set the CB that is supposed to parse the reply. However, due to the async nature of netlink messages, we could get an unrelated notification, sent by ovpn upon some event, after having set the CB, but before parsing the awaited reply. When this happens, the notification is then parsed with the configured CB instead of the notification parser, thus effectively rejecting the notification and losing the event. To fix this inconsistency, make ovpn_handle_msg() the default and only netlink parser CB. It is configured upon DCO initialization and is never removed. ovpn_handle_msg() will check the message type and will call the according parser. This way, no matter what message we get at what time, we'll always parse it correctly. As a bonus we can also simplify the nl_sendmsg() API as we don't need to pass the cb and its argument anymore. The ID of the NLCTRL family is now also stored in the DCO context as we need it to check when we receive a mcast ID lookup message. Change-Id: I23ad79e14844aefde9ece34dadef0b75ff267201 Signed-off-by: Antonio Quartulli <an...@ma...> --- M src/openvpn/dco_linux.c M src/openvpn/dco_linux.h 2 files changed, 130 insertions(+), 85 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/00/1100/1 diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c index 0a22879..62052f3 100644 --- a/src/openvpn/dco_linux.c +++ b/src/openvpn/dco_linux.c 
@@ -172,18 +172,14 @@ * The method will also free nl_msg * @param dco The dco context to use * @param nl_msg the message to use - * @param cb An optional callback if the caller expects an answer - * @param cb_arg An optional param to pass to the callback * @param prefix A prefix to report in the error message to give the user context * @return status of sending the message */ static int -ovpn_nl_msg_send(dco_context_t *dco, struct nl_msg *nl_msg, ovpn_nl_cb cb, - void *cb_arg, const char *prefix) +ovpn_nl_msg_send(dco_context_t *dco, struct nl_msg *nl_msg, const char *prefix) { dco->status = 1; - nl_cb_set(dco->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, cb, cb_arg); nl_send_auto(dco->nl_sock, nl_msg); while (dco->status == 1) @@ -285,7 +281,7 @@ } nla_nest_end(nl_msg, attr); - ret = ovpn_nl_msg_send(dco, nl_msg, NULL, NULL, __func__); + ret = ovpn_nl_msg_send(dco, nl_msg, __func__); nla_put_failure: nlmsg_free(nl_msg); @@ -385,6 +381,29 @@ } static void +ovpn_dco_register(dco_context_t *dco) +{ + msg(D_DCO_DEBUG, __func__); + ovpn_get_mcast_id(dco); + + if (dco->ovpn_dco_mcast_id < 0) + { + msg(M_FATAL, "cannot get mcast group: %s", nl_geterror(dco->ovpn_dco_mcast_id)); + } + + /* Register for ovpn-dco specific multicast messages that the kernel may + * send + */ + int ret = nl_socket_add_membership(dco->nl_sock, dco->ovpn_dco_mcast_id); + if (ret) + { + msg(M_FATAL, "%s: failed to join groups: %d", __func__, ret); + } +} + +static int ovpn_handle_msg(struct nl_msg *msg, void *arg); + +static void ovpn_dco_init_netlink(dco_context_t *dco) { dco->ovpn_dco_id = resolve_ovpn_netlink_id(M_FATAL); 
@@ -420,11 +439,15 @@ nl_socket_set_cb(dco->nl_sock, dco->nl_cb); + dco->dco_message_peer_id = -1; nl_cb_err(dco->nl_cb, NL_CB_CUSTOM, ovpn_nl_cb_error, &dco->status); nl_cb_set(dco->nl_cb, NL_CB_FINISH, NL_CB_CUSTOM, ovpn_nl_cb_finish, &dco->status); nl_cb_set(dco->nl_cb, NL_CB_ACK, NL_CB_CUSTOM, ovpn_nl_cb_finish, &dco->status); + nl_cb_set(dco->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, ovpn_handle_msg, dco); + + ovpn_dco_register(dco); /* The async PACKET messages confuse libnl and it will drop them with * wrong sequence numbers (NLE_SEQ_MISMATCH), so disable libnl's sequence @@ -476,27 +499,6 @@ CLEAR(dco); } -static void -ovpn_dco_register(dco_context_t *dco) -{ - msg(D_DCO_DEBUG, __func__); - ovpn_get_mcast_id(dco); - - if (dco->ovpn_dco_mcast_id < 0) - { - msg(M_FATAL, "cannot get mcast group: %s", nl_geterror(dco->ovpn_dco_mcast_id)); - } - - /* Register for ovpn-dco specific multicast messages that the kernel may - * send - */ - int ret = nl_socket_add_membership(dco->nl_sock, dco->ovpn_dco_mcast_id); - if (ret) - { - msg(M_FATAL, "%s: failed to join groups: %d", __func__, ret); - } -} - int open_tun_dco(struct tuntap *tt, openvpn_net_ctx_t *ctx, const char *dev) { @@ -516,10 +518,6 @@ msg(M_FATAL, "DCO: cannot retrieve ifindex for interface %s", dev); } - tt->dco.dco_message_peer_id = -1; - - ovpn_dco_register(&tt->dco); - return 0; } @@ -548,7 +546,7 @@ NLA_PUT_U32(nl_msg, OVPN_A_KEYCONF_PEER_ID, peerid); nla_nest_end(nl_msg, attr); - ret = ovpn_nl_msg_send(dco, nl_msg, NULL, NULL, __func__); + ret = ovpn_nl_msg_send(dco, nl_msg, __func__); nla_put_failure: nlmsg_free(nl_msg); @@ -572,7 +570,7 @@ NLA_PUT_U32(nl_msg, OVPN_A_PEER_ID, peerid); nla_nest_end(nl_msg, attr); - ret = ovpn_nl_msg_send(dco, nl_msg, NULL, NULL, __func__); + ret = ovpn_nl_msg_send(dco, nl_msg, __func__); nla_put_failure: nlmsg_free(nl_msg); 
@@ -598,7 +596,7 @@ NLA_PUT_U32(nl_msg, OVPN_A_KEYCONF_SLOT, slot); nla_nest_end(nl_msg, keyconf); - ret = ovpn_nl_msg_send(dco, nl_msg, NULL, NULL, __func__); + ret = ovpn_nl_msg_send(dco, nl_msg, __func__); nla_put_failure: nlmsg_free(nl_msg); @@ -657,7 +655,7 @@ nla_nest_end(nl_msg, key_conf); - ret = ovpn_nl_msg_send(dco, nl_msg, NULL, NULL, __func__); + ret = ovpn_nl_msg_send(dco, nl_msg, __func__); nla_put_failure: nlmsg_free(nl_msg); @@ -686,7 +684,7 @@ keepalive_timeout); nla_nest_end(nl_msg, attr); - ret = ovpn_nl_msg_send(dco, nl_msg, NULL, NULL, __func__); + ret = ovpn_nl_msg_send(dco, nl_msg, __func__); nla_put_failure: nlmsg_free(nl_msg); @@ -754,7 +752,7 @@ /* Even though 'nlctrl' is a constant, there seem to be no library * provided define for it */ - int ctrlid = genl_ctrl_resolve(dco->nl_sock, "nlctrl"); + dco->ctrlid = genl_ctrl_resolve(dco->nl_sock, "nlctrl"); struct nl_msg *nl_msg = nlmsg_alloc(); if (!nl_msg) @@ -762,12 +760,12 @@ return -ENOMEM; } - genlmsg_put(nl_msg, 0, 0, ctrlid, 0, 0, CTRL_CMD_GETFAMILY, 0); + genlmsg_put(nl_msg, 0, 0, dco->ctrlid, 0, 0, CTRL_CMD_GETFAMILY, 0); int ret = -EMSGSIZE; NLA_PUT_STRING(nl_msg, CTRL_ATTR_FAMILY_NAME, OVPN_FAMILY_NAME); - ret = ovpn_nl_msg_send(dco, nl_msg, mcast_family_handler, dco, __func__); + ret = ovpn_nl_msg_send(dco, nl_msg, __func__); nla_put_failure: nlmsg_free(nl_msg); 
@@ -879,23 +877,26 @@ } static int -dco_parse_peer_multi(struct nl_msg *msg, void *arg) +ovpn_handle_peer_multi(dco_context_t *dco, struct nlattr *attrs[]) { - struct nlattr *tb[OVPN_A_MAX + 1]; - struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); - msg(D_DCO_DEBUG, "%s: parsing message...", __func__); - nla_parse(tb, OVPN_A_MAX, genlmsg_attrdata(gnlh, 0), - genlmsg_attrlen(gnlh, 0), NULL); + /* this function assumes openvpn is running in multipeer mode as + * it accesses c->multi + */ + if (dco->ifmode != OVPN_MODE_MP) + { + msg(M_WARN, "%s: can't parse 'multi-peer' message on P2P instance", __func__); + return NL_SKIP; + } - if (!tb[OVPN_A_PEER]) + if (!attrs[OVPN_A_PEER]) { return NL_SKIP; } struct nlattr *tb_peer[OVPN_A_PEER_MAX + 1]; - nla_parse_nested(tb_peer, OVPN_A_PEER_MAX, tb[OVPN_A_PEER], NULL); + nla_parse_nested(tb_peer, OVPN_A_PEER_MAX, attrs[OVPN_A_PEER], NULL); if (!tb_peer[OVPN_A_PEER_ID]) { @@ -903,7 +904,7 @@ return NL_SKIP; } - struct multi_context *m = arg; + struct multi_context *m = dco->c->multi; uint32_t peer_id = nla_get_u32(tb_peer[OVPN_A_PEER_ID]); if (peer_id >= m->max_clients || !m->instances[peer_id]) @@ -919,25 +920,18 @@ } static int -dco_parse_peer(struct nl_msg *msg, void *arg) +ovpn_handle_peer(dco_context_t *dco, struct nlattr *attrs[]) { - struct context *c = arg; - struct nlattr *tb[OVPN_A_MAX + 1]; - struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); - msg(D_DCO_DEBUG, "%s: parsing message...", __func__); - nla_parse(tb, OVPN_A_MAX, genlmsg_attrdata(gnlh, 0), - genlmsg_attrlen(gnlh, 0), NULL); - - if (!tb[OVPN_A_PEER]) + if (!attrs[OVPN_A_PEER]) { msg(D_DCO_DEBUG, "%s: malformed reply", __func__); return NL_SKIP; } struct nlattr *tb_peer[OVPN_A_PEER_MAX + 1]; - nla_parse_nested(tb_peer, OVPN_A_PEER_MAX, tb[OVPN_A_PEER], NULL); + nla_parse_nested(tb_peer, OVPN_A_PEER_MAX, attrs[OVPN_A_PEER], NULL); if (!tb_peer[OVPN_A_PEER_ID]) { 
@@ -946,18 +940,39 @@ } uint32_t peer_id = nla_get_u32(tb_peer[OVPN_A_PEER_ID]); - if (c->c2.tls_multi->dco_peer_id != peer_id) + struct context_2 *c2; + + if (dco->ifmode == OVPN_MODE_P2P) + { + c2 = &dco->c->c2; + } + else + { + struct multi_instance *mi = dco->c->multi->instances[peer_id]; + if (!mi) + { + msg(M_WARN, "%s: received data for a non-existing peer %u", __func__, peer_id); + return NL_SKIP; + } + + c2 = &mi->context.c2; + } + + /* at this point this check should never fail for MP mode, + * but it's still fully valid for P2P mode + */ + if (c2->tls_multi->dco_peer_id != peer_id) { return NL_SKIP; } - dco_update_peer_stat(&c->c2, tb_peer, peer_id); + dco_update_peer_stat(c2, tb_peer, peer_id); return NL_OK; } -static int -ovpn_handle_peer_del_ntf(dco_context_t *dco, struct nlattr *attrs[]) +static bool +ovpn_iface_check(dco_context_t *dco, struct nlattr *attrs[]) { /* we must know which interface this message is referring to in order to * avoid mixing messages for other instances @@ -965,6 +980,25 @@ if (!attrs[OVPN_A_IFINDEX]) { msg(D_DCO, "ovpn-dco: Received message without ifindex"); + return false; + } + + uint32_t ifindex = nla_get_u32(attrs[OVPN_A_IFINDEX]); + if (ifindex != dco->ifindex) + { + msg(D_DCO_DEBUG, + "ovpn-dco: ignoring message for foreign ifindex %d", ifindex); + return false; + } + + return true; +} + +static int +ovpn_handle_peer_del_ntf(dco_context_t *dco, struct nlattr *attrs[]) +{ + if (!ovpn_iface_check(dco, attrs)) + { return NL_STOP; } @@ -1008,12 +1042,8 @@ static int ovpn_handle_peer_float_ntf(dco_context_t *dco, struct nlattr *attrs[]) { - /* we must know which interface this message is referring to in order to - * avoid mixing messages for other instances - */ - if (!attrs[OVPN_A_IFINDEX]) + if (!ovpn_iface_check(dco, attrs)) { - msg(D_DCO, "ovpn-dco: Received message without ifindex"); return NL_STOP; } 
@@ -1058,12 +1088,8 @@ static int ovpn_handle_key_swap_ntf(dco_context_t *dco, struct nlattr *attrs[]) { - /* we must know which interface this message is referring to in order to - * avoid mixing messages for other instances - */ - if (!attrs[OVPN_A_IFINDEX]) + if (!ovpn_iface_check(dco, attrs)) { - msg(D_DCO, "ovpn-dco: Received message without ifindex"); return NL_STOP; } @@ -1109,9 +1135,22 @@ { dco_context_t *dco = arg; - struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); struct nlattr *attrs[OVPN_A_MAX + 1]; struct nlmsghdr *nlh = nlmsg_hdr(msg); + struct genlmsghdr *gnlh = genlmsg_hdr(nlh); + + msg(D_DCO_DEBUG, "ovpn-dco: received netlink message type=%u cmd=%u flags=%#.4x", + nlh->nlmsg_type, gnlh->cmd, nlh->nlmsg_flags); + + /* if we get a message from the NLCTRL family, it means + * this is the reply to the mcast ID resolution request + * and we parse it accordingly. + */ + if (nlh->nlmsg_type == dco->ctrlid) + { + msg(D_DCO_DEBUG, "ovpn-dco: received CTRLID message"); + return mcast_family_handler(msg, dco); + } if (!genlmsg_valid_hdr(nlh, 0)) { @@ -1126,15 +1165,6 @@ return NL_STOP; } - uint32_t ifindex = nla_get_u32(attrs[OVPN_A_IFINDEX]); - if (ifindex != dco->ifindex) - { - msg(D_DCO_DEBUG, - "ovpn-dco: ignoring message (type=%d) for foreign ifindex %d", - gnlh->cmd, ifindex); - return NL_STOP; - } - /* based on the message type, we parse the subobject contained in the * message, that stores the type-specific attributes. * @@ -1144,6 +1174,21 @@ */ switch (gnlh->cmd) { + case OVPN_CMD_PEER_GET: + { + /* this message is part of a peer list dump, hence triggered + * by a MP/server instance + */ + if (nlh->nlmsg_flags & NLM_F_MULTI) + { + return ovpn_handle_peer_multi(dco, attrs); + } + else + { + return ovpn_handle_peer(dco, attrs); + } + } + case OVPN_CMD_PEER_DEL_NTF: { return ovpn_handle_peer_del_ntf(dco, attrs); 
@@ -1172,7 +1217,6 @@ dco_do_read(dco_context_t *dco) { msg(D_DCO_DEBUG, __func__); - nl_cb_set(dco->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, ovpn_handle_msg, dco); return ovpn_nl_recvmsgs(dco, __func__); } @@ -1187,7 +1231,7 @@ nlmsg_hdr(nl_msg)->nlmsg_flags |= NLM_F_DUMP; - int ret = ovpn_nl_msg_send(dco, nl_msg, dco_parse_peer_multi, m, __func__); + int ret = ovpn_nl_msg_send(dco, nl_msg, __func__); nlmsg_free(nl_msg); @@ -1225,7 +1269,7 @@ NLA_PUT_U32(nl_msg, OVPN_A_PEER_ID, peer_id); nla_nest_end(nl_msg, attr); - ret = ovpn_nl_msg_send(dco, nl_msg, dco_parse_peer, c, __func__); + ret = ovpn_nl_msg_send(dco, nl_msg, __func__); nla_put_failure: nlmsg_free(nl_msg); diff --git a/src/openvpn/dco_linux.h b/src/openvpn/dco_linux.h index 5e61cf1..cc14f45 100644 --- a/src/openvpn/dco_linux.h +++ b/src/openvpn/dco_linux.h @@ -66,6 +66,7 @@ int status; struct context *c; + int ctrlid; enum ovpn_mode ifmode; -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1100?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I23ad79e14844aefde9ece34dadef0b75ff267201 Gerrit-Change-Number: 1100 Gerrit-PatchSet: 1 Gerrit-Owner: ordex <an...@ma...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-MessageType: newchange |
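Review bot: in ovpn_handle_peer() the multi-peer branch indexes dco->c->multi->instances[peer_id] with a peer_id read straight from the netlink attribute, without the peer_id >= m->max_clients test that ovpn_handle_peer_multi() applies to the same array in the hunk above. Add the same bound check before the array access and return NL_SKIP when it fails, so an unexpected peer id cannot read outside the instances table.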
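Review bot: in the @@ -1109,9 +1135,22 @@ hunk of ovpn_handle_msg() the new debug msg() reads gnlh->cmd, and the nlh->nlmsg_type == dco->ctrlid branch hands the message to mcast_family_handler(), before genlmsg_valid_hdr(nlh, 0) has run. Now that this function is the only NL_CB_VALID callback and sees every message, move the header validation ahead of both, so a message too short to carry a generic netlink header is rejected before that header is dereferenced.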
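Review bot: in the hunk that turns int ctrlid into dco->ctrlid = genl_ctrl_resolve(dco->nl_sock, "nlctrl"); the result is still not checked, although it is now long-lived state that ovpn_handle_msg() compares against nlh->nlmsg_type. genl_ctrl_resolve() returns a negative error code on failure; return that error here instead of building the CTRL_CMD_GETFAMILY request with it, since the dispatch test in ovpn_handle_msg() could then never match the reply.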
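The race described in the commit message of change 1100, as an added, simplified model in plain C. It is not OpenVPN or libnl code: the command numbers, structures, function names and the two-message queue are constructed for the illustration, and it only contrasts a reply parser installed per request with a single dispatcher that selects the parser from the message type.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed command numbers for the model; not the ovpn netlink values. */
enum { CMD_PEER_GET = 1, CMD_PEER_DEL_NTF = 2 };
enum { CB_OK = 0, CB_SKIP = 1 };

struct model_msg { int cmd; uint32_t peer_id; uint64_t rx_bytes; };

struct model_ctx;
typedef int (*valid_cb_t)(struct model_ctx *ctx, const struct model_msg *m);

struct model_ctx {
    valid_cb_t valid_cb;    /* the single "valid message" callback slot */
    uint32_t want_peer;     /* peer whose statistics were requested */
    uint64_t rx_bytes;      /* value taken from the PEER_GET reply */
    int got_reply;
    int del_events;         /* PEER_DEL notifications that were handled */
    uint32_t deleted_peer;
    int rejected;           /* messages the installed callback refused */
};

/* Reply parser: only understands the awaited PEER_GET reply. */
static int parse_peer_reply(struct model_ctx *ctx, const struct model_msg *m)
{
    if (m->cmd != CMD_PEER_GET || m->peer_id != ctx->want_peer)
        return CB_SKIP;     /* everything else is discarded */
    ctx->rx_bytes = m->rx_bytes;
    ctx->got_reply = 1;
    return CB_OK;
}

/* Notification parser: records which peer the kernel removed. */
static int handle_del_ntf(struct model_ctx *ctx, const struct model_msg *m)
{
    ctx->del_events++;
    ctx->deleted_peer = m->peer_id;
    return CB_OK;
}

/* Single dispatcher: the message type, not the caller, picks the parser. */
static int dispatch(struct model_ctx *ctx, const struct model_msg *m)
{
    switch (m->cmd) {
    case CMD_PEER_GET:     return parse_peer_reply(ctx, m);
    case CMD_PEER_DEL_NTF: return handle_del_ntf(ctx, m);
    default:               return CB_SKIP;
    }
}

/* Constructed socket queue: a notification for peer 7 arrives after the
 * PEER_GET request for peer 3 was sent, but before its reply. */
static const struct model_msg QUEUE[] = {
    { CMD_PEER_DEL_NTF, 7, 0 },
    { CMD_PEER_GET,     3, 1500 },
};

/* Send the request with callback cb installed, then drain the queue until
 * the reply has been seen. Returns the resulting state for inspection. */
static struct model_ctx run_model(valid_cb_t cb)
{
    struct model_ctx ctx = { 0 };
    ctx.valid_cb = cb;
    ctx.want_peer = 3;
    for (size_t i = 0; i < sizeof(QUEUE) / sizeof(QUEUE[0]) && !ctx.got_reply; i++) {
        if (ctx.valid_cb(&ctx, &QUEUE[i]) != CB_OK)
            ctx.rejected++;
    }
    return ctx;
}

int main(void)
{
    struct model_ctx per_request = run_model(parse_peer_reply);
    struct model_ctx single = run_model(dispatch);

    printf("per-request cb: rx=%llu del_events=%d rejected=%d\n",
           (unsigned long long)per_request.rx_bytes,
           per_request.del_events, per_request.rejected);
    printf("dispatcher:     rx=%llu del_events=%d rejected=%d\n",
           (unsigned long long)single.rx_bytes,
           single.del_events, single.rejected);
    return 0;
}
```

Both runs obtain the statistics reply, but only the dispatcher run records the peer removal; with the per-request callback the notification is counted as rejected and the event is gone.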
From: ordex (C. Review) <ge...@op...> - 2025-07-22 20:22:36
|
Attention is currently required from: flichtenheld, plaisthos. Hello plaisthos, flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/1098?usp=email to review the following change. Change subject: dco_linux: rearrange functions ...................................................................... dco_linux: rearrange functions In preparation for the implementation of a generic netlink message parser, move all parsing functions above ovpn_handle_msg(). The latter is soon going to become a generic message parser which will invoke specific handlers, thus they are required to be defined earlier in the file. No functional change is intended. This patch is only meant to reduce entropy in the patch which will do the real netlink parser change. Better reviewed with: git show --color-moved Change-Id: I94004579aef4a1ccccdbcf8edd7b722e5a611c72 Signed-off-by: Antonio Quartulli <an...@ma...> --- M src/openvpn/dco_linux.c 1 file changed, 144 insertions(+), 144 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/98/1098/1 diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c index 13506a1..ec6efaa 100644 --- a/src/openvpn/dco_linux.c +++ b/src/openvpn/dco_linux.c 
@@ -812,6 +812,150 @@ return false; } +/* libnl < 3.11.0 does not implement nla_get_uint() */ +static uint64_t +ovpn_nla_get_uint(struct nlattr *attr) +{ + if (nla_len(attr) == sizeof(uint32_t)) + { + return nla_get_u32(attr); + } + else + { + return nla_get_u64(attr); + } +} + +static void +dco_update_peer_stat(struct context_2 *c2, struct nlattr *tb[], uint32_t id) +{ + if (tb[OVPN_A_PEER_LINK_RX_BYTES]) + { + c2->dco_read_bytes = ovpn_nla_get_uint(tb[OVPN_A_PEER_LINK_RX_BYTES]); + msg(D_DCO_DEBUG, "%s / dco_read_bytes: " counter_format, __func__, + c2->dco_read_bytes); + } + else + { + msg(M_WARN, "%s: no link RX bytes provided in reply for peer %u", + __func__, id); + } + + if (tb[OVPN_A_PEER_LINK_TX_BYTES]) + { + c2->dco_write_bytes = ovpn_nla_get_uint(tb[OVPN_A_PEER_LINK_TX_BYTES]); + msg(D_DCO_DEBUG, "%s / dco_write_bytes: " counter_format, __func__, + c2->dco_write_bytes); + } + else + { + msg(M_WARN, "%s: no link TX bytes provided in reply for peer %u", + __func__, id); + } + + if (tb[OVPN_A_PEER_VPN_RX_BYTES]) + { + c2->tun_read_bytes = ovpn_nla_get_uint(tb[OVPN_A_PEER_VPN_RX_BYTES]); + msg(D_DCO_DEBUG, "%s / tun_read_bytes: " counter_format, __func__, + c2->tun_read_bytes); + } + else + { + msg(M_WARN, "%s: no VPN RX bytes provided in reply for peer %u", + __func__, id); + } + + if (tb[OVPN_A_PEER_VPN_TX_BYTES]) + { + c2->tun_write_bytes = ovpn_nla_get_uint(tb[OVPN_A_PEER_VPN_TX_BYTES]); + msg(D_DCO_DEBUG, "%s / tun_write_bytes: " counter_format, __func__, + c2->tun_write_bytes); + } + else + { + msg(M_WARN, "%s: no VPN TX bytes provided in reply for peer %u", + __func__, id); + } +} + +static int +dco_parse_peer_multi(struct nl_msg *msg, void *arg) +{ + struct nlattr *tb[OVPN_A_MAX + 1]; + struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); + + msg(D_DCO_DEBUG, "%s: parsing message...", __func__); + + nla_parse(tb, OVPN_A_MAX, genlmsg_attrdata(gnlh, 0), + genlmsg_attrlen(gnlh, 0), NULL); + + if (!tb[OVPN_A_PEER]) + { + return NL_SKIP; + } + + struct 
nlattr *tb_peer[OVPN_A_PEER_MAX + 1]; + nla_parse_nested(tb_peer, OVPN_A_PEER_MAX, tb[OVPN_A_PEER], NULL); + + if (!tb_peer[OVPN_A_PEER_ID]) + { + msg(M_WARN, "%s: no peer-id provided in reply", __func__); + return NL_SKIP; + } + + struct multi_context *m = arg; + uint32_t peer_id = nla_get_u32(tb_peer[OVPN_A_PEER_ID]); + + if (peer_id >= m->max_clients || !m->instances[peer_id]) + { + msg(M_WARN, "%s: cannot store DCO stats for peer %u", __func__, + peer_id); + return NL_SKIP; + } + + dco_update_peer_stat(&m->instances[peer_id]->context.c2, tb_peer, peer_id); + + return NL_OK; +} + +static int +dco_parse_peer(struct nl_msg *msg, void *arg) +{ + struct context *c = arg; + struct nlattr *tb[OVPN_A_MAX + 1]; + struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); + + msg(D_DCO_DEBUG, "%s: parsing message...", __func__); + + nla_parse(tb, OVPN_A_MAX, genlmsg_attrdata(gnlh, 0), + genlmsg_attrlen(gnlh, 0), NULL); + + if (!tb[OVPN_A_PEER]) + { + msg(D_DCO_DEBUG, "%s: malformed reply", __func__); + return NL_SKIP; + } + + struct nlattr *tb_peer[OVPN_A_PEER_MAX + 1]; + nla_parse_nested(tb_peer, OVPN_A_PEER_MAX, tb[OVPN_A_PEER], NULL); + + if (!tb_peer[OVPN_A_PEER_ID]) + { + msg(M_WARN, "%s: no peer-id provided in reply", __func__); + return NL_SKIP; + } + + uint32_t peer_id = nla_get_u32(tb_peer[OVPN_A_PEER_ID]); + if (c->c2.tls_multi->dco_peer_id != peer_id) + { + return NL_SKIP; + } + + dco_update_peer_stat(&c->c2, tb_peer, peer_id); + + return NL_OK; +} + /* This function parses any netlink message sent by ovpn-dco to userspace */ static int ovpn_handle_msg(struct nl_msg *msg, void *arg) 
@@ -994,112 +1138,6 @@ return ovpn_nl_recvmsgs(dco, __func__); } -/* libnl < 3.11.0 does not implement nla_get_uint() */ -static uint64_t -ovpn_nla_get_uint(struct nlattr *attr) -{ - if (nla_len(attr) == sizeof(uint32_t)) - { - return nla_get_u32(attr); - } - else - { - return nla_get_u64(attr); - } -} - -static void -dco_update_peer_stat(struct context_2 *c2, struct nlattr *tb[], uint32_t id) -{ - if (tb[OVPN_A_PEER_LINK_RX_BYTES]) - { - c2->dco_read_bytes = ovpn_nla_get_uint(tb[OVPN_A_PEER_LINK_RX_BYTES]); - msg(D_DCO_DEBUG, "%s / dco_read_bytes: " counter_format, __func__, - c2->dco_read_bytes); - } - else - { - msg(M_WARN, "%s: no link RX bytes provided in reply for peer %u", - __func__, id); - } - - if (tb[OVPN_A_PEER_LINK_TX_BYTES]) - { - c2->dco_write_bytes = ovpn_nla_get_uint(tb[OVPN_A_PEER_LINK_TX_BYTES]); - msg(D_DCO_DEBUG, "%s / dco_write_bytes: " counter_format, __func__, - c2->dco_write_bytes); - } - else - { - msg(M_WARN, "%s: no link TX bytes provided in reply for peer %u", - __func__, id); - } - - if (tb[OVPN_A_PEER_VPN_RX_BYTES]) - { - c2->tun_read_bytes = ovpn_nla_get_uint(tb[OVPN_A_PEER_VPN_RX_BYTES]); - msg(D_DCO_DEBUG, "%s / tun_read_bytes: " counter_format, __func__, - c2->tun_read_bytes); - } - else - { - msg(M_WARN, "%s: no VPN RX bytes provided in reply for peer %u", - __func__, id); - } - - if (tb[OVPN_A_PEER_VPN_TX_BYTES]) - { - c2->tun_write_bytes = ovpn_nla_get_uint(tb[OVPN_A_PEER_VPN_TX_BYTES]); - msg(D_DCO_DEBUG, "%s / tun_write_bytes: " counter_format, __func__, - c2->tun_write_bytes); - } - else - { - msg(M_WARN, "%s: no VPN TX bytes provided in reply for peer %u", - __func__, id); - } -} - -int -dco_parse_peer_multi(struct nl_msg *msg, void *arg) -{ - struct nlattr *tb[OVPN_A_MAX + 1]; - struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); - - msg(D_DCO_DEBUG, "%s: parsing message...", __func__); - - nla_parse(tb, OVPN_A_MAX, genlmsg_attrdata(gnlh, 0), - genlmsg_attrlen(gnlh, 0), NULL); - - if (!tb[OVPN_A_PEER]) - { - return 
NL_SKIP; - } - - struct nlattr *tb_peer[OVPN_A_PEER_MAX + 1]; - nla_parse_nested(tb_peer, OVPN_A_PEER_MAX, tb[OVPN_A_PEER], NULL); - - if (!tb_peer[OVPN_A_PEER_ID]) - { - msg(M_WARN, "%s: no peer-id provided in reply", __func__); - return NL_SKIP; - } - - struct multi_context *m = arg; - uint32_t peer_id = nla_get_u32(tb_peer[OVPN_A_PEER_ID]); - - if (peer_id >= m->max_clients || !m->instances[peer_id]) - { - msg(M_WARN, "%s: cannot store DCO stats for peer %u", __func__, - peer_id); - return NL_SKIP; - } - - dco_update_peer_stat(&m->instances[peer_id]->context.c2, tb_peer, peer_id); - - return NL_OK; -} - int dco_get_peer_stats_multi(dco_context_t *dco, struct multi_context *m, const bool raise_sigusr1_on_err) 
@@ -1124,44 +1162,6 @@ return ret; } -static int -dco_parse_peer(struct nl_msg *msg, void *arg) -{ - struct context *c = arg; - struct nlattr *tb[OVPN_A_MAX + 1]; - struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); - - msg(D_DCO_DEBUG, "%s: parsing message...", __func__); - - nla_parse(tb, OVPN_A_MAX, genlmsg_attrdata(gnlh, 0), - genlmsg_attrlen(gnlh, 0), NULL); - - if (!tb[OVPN_A_PEER]) - { - msg(D_DCO_DEBUG, "%s: malformed reply", __func__); - return NL_SKIP; - } - - struct nlattr *tb_peer[OVPN_A_PEER_MAX + 1]; - nla_parse_nested(tb_peer, OVPN_A_PEER_MAX, tb[OVPN_A_PEER], NULL); - - if (!tb_peer[OVPN_A_PEER_ID]) - { - msg(M_WARN, "%s: no peer-id provided in reply", __func__); - return NL_SKIP; - } - - uint32_t peer_id = nla_get_u32(tb_peer[OVPN_A_PEER_ID]); - if (c->c2.tls_multi->dco_peer_id != peer_id) - { - return NL_SKIP; - } - - dco_update_peer_stat(&c->c2, tb_peer, peer_id); - - return NL_OK; -} - int dco_get_peer_stats(struct context *c, const bool raise_sigusr1_on_err) { -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1098?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I94004579aef4a1ccccdbcf8edd7b722e5a611c72 Gerrit-Change-Number: 1098 Gerrit-PatchSet: 1 Gerrit-Owner: ordex <an...@ma...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-MessageType: newchange |
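Review bot: The move is not purely mechanical for dco_parse_peer_multi(): the removed copy is declared `int dco_parse_peer_multi(...)` and the added copy is `static int dco_parse_peer_multi(...)`, so the linkage changes even though the commit message says no functional change is intended. Either mention the `static` in the commit message or keep the original linkage here and change it in a separate commit. While these parsers are being touched, note that the return values of nla_parse() and nla_parse_nested() are ignored in both dco_parse_peer_multi() and dco_parse_peer(). Since the follow-up turns ovpn_handle_msg() into the generic entry point, that would be a good place to check them once.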
From: ordex (C. Review) <ge...@op...> - 2025-07-22 20:22:34
|
Attention is currently required from: flichtenheld, plaisthos. Hello plaisthos, flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/1097?usp=email to review the following change. Change subject: add context to dco-linux.h ...................................................................... add context to dco-linux.h Change-Id: I53ce262c19321759be9adb341ce5d900e5874d13 Signed-off-by: Antonio Quartulli <an...@ma...> --- M src/openvpn/dco_linux.h 1 file changed, 2 insertions(+), 0 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/97/1097/1 diff --git a/src/openvpn/dco_linux.h b/src/openvpn/dco_linux.h index 676b8cd..5e61cf1 100644 --- a/src/openvpn/dco_linux.h +++ b/src/openvpn/dco_linux.h @@ -65,6 +65,8 @@ struct nl_cb *nl_cb; int status; + struct context *c; + enum ovpn_mode ifmode; int ovpn_dco_id; -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1097?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I53ce262c19321759be9adb341ce5d900e5874d13 Gerrit-Change-Number: 1097 Gerrit-PatchSet: 1 Gerrit-Owner: ordex <an...@ma...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-MessageType: newchange |
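Review bot: The added `struct context *c;` member in dco_linux.h comes with no comment and no commit message body, and nothing in this one-file change assigns it. Please add a short comment on who sets the pointer and how long it stays valid, or fold this hunk into the change that introduces `dco->c = c`. The subject also says "dco-linux.h" while the file is dco_linux.h.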
From: ordex (C. Review) <ge...@op...> - 2025-07-22 20:22:31
|
Attention is currently required from: flichtenheld, plaisthos. Hello plaisthos, flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/1094?usp=email to review the following change. Change subject: dco: only pass struct context to init function ...................................................................... dco: only pass struct context to init function Future DCO code will require accessing the `multi` member of the context object. For this reason a pointer to the context has to be stored in the DCO context along with the rest. At this point, rather than making the call to ovpn_dco_init() longer with more and more parameters, pass the struct context only and let the implementation extract the needed fields. Change-Id: I673a17f8c5dec66cc6c28c1ed44780a7a63927d7 Signed-off-by: Antonio Quartulli <an...@ma...> --- M src/openvpn/dco.h M src/openvpn/dco_freebsd.c M src/openvpn/dco_linux.c M src/openvpn/init.c 4 files changed, 13 insertions(+), 9 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/94/1094/1 diff --git a/src/openvpn/dco.h b/src/openvpn/dco.h index f38316d..9c5c01a 100644 --- a/src/openvpn/dco.h +++ b/src/openvpn/dco.h @@ -104,12 +104,10 @@ /** * Initialize the DCO context * - * @param mode the instance operating mode (P2P or multi-peer) - * @param dco the context to initialize - * @param dev_node device node, used on Windows to specify certain DCO adapter + * @param c the main instance context * @return true on success, false otherwise */ -bool ovpn_dco_init(int mode, dco_context_t *dco, const char *dev_node); +bool ovpn_dco_init(struct context *c); /** * Open/create a DCO interface diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c index b8816c6..98d8fb5 100644 --- a/src/openvpn/dco_freebsd.c +++ b/src/openvpn/dco_freebsd.c 
@@ -165,9 +165,9 @@ } bool -ovpn_dco_init(int mode, dco_context_t *dco, const char *dev_node) +ovpn_dco_init(struct context *c) { - if (open_fd(dco) < 0) + if (open_fd(&c->c1.tuntap->dco) < 0) { msg(M_ERR, "Failed to open socket"); return false; diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c index f04ebfe..c92c196 100644 --- a/src/openvpn/dco_linux.c +++ b/src/openvpn/dco_linux.c @@ -438,9 +438,11 @@ } bool -ovpn_dco_init(int mode, dco_context_t *dco, const char *dev_node) +ovpn_dco_init(struct context *c) { - switch (mode) + dco_context_t *dco = &c->c1.tuntap->dco; + + switch (c->mode) { case CM_TOP: dco->ifmode = OVPN_MODE_MP; @@ -454,6 +456,10 @@ ASSERT(false); } + /* store pointer to context as it may be required by message + * parsing routines + */ + dco->c = c; ovpn_dco_init_netlink(dco); return true; } diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 77747a2..aac8a6a 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -2007,7 +2007,7 @@ if (dco_enabled(&c->options)) { - ovpn_dco_init(c->mode, &c->c1.tuntap->dco, c->options.dev_node); + ovpn_dco_init(c); } /* open the tun device */ -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1094?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I673a17f8c5dec66cc6c28c1ed44780a7a63927d7 Gerrit-Change-Number: 1094 Gerrit-PatchSet: 1 Gerrit-Owner: ordex <an...@ma...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-MessageType: newchange |
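Review bot: The dco.h hunk changes the shared prototype to `bool ovpn_dco_init(struct context *c);` and removes the `dev_node` parameter, which the old comment described as "used on Windows to specify certain DCO adapter". The file list covers only dco.h, dco_freebsd.c, dco_linux.c and init.c. If a Windows implementation of ovpn_dco_init() exists, it needs the same signature change and has to obtain the device node from `c->options.dev_node` itself; please confirm the Windows build. In the dco_linux.c hunk, `dco->c = c;` stores a back-pointer to the context, so the comment there should also say whether the pointer stays valid across restarts of the context.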
From: ordex (C. Review) <ge...@op...> - 2025-07-22 20:22:30
|
Attention is currently required from: flichtenheld, plaisthos. Hello plaisthos, flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/1093?usp=email to review the following change. Change subject: multi: store multi_context address inside top instance ...................................................................... multi: store multi_context address inside top instance Future modifications to DCO require accessing the server multi_context object. Since it is currently a stack variable that is pointed by no one, we'd need to pass it to all kind of functions to ensure it can reach the DCO code. To make the implementation simpler, it is preferable to simply assign its address to a struct context's field. While at it, make some multi_* functions static as they used only inside multi.c, where they are defined. Change-Id: Ibf64c681e02ac572d339d4d98e75ceb0cd417c45 Signed-off-by: Antonio Quartulli <an...@ma...> --- M src/openvpn/multi.c M src/openvpn/multi.h M src/openvpn/openvpn.h 3 files changed, 15 insertions(+), 18 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/93/1093/1 diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 4696686..ec260a2 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -290,9 +290,10 @@ /* * Main initialization function, init multi_context object. */ -void -multi_init(struct multi_context *m, struct context *t) +static void +multi_init(struct context *t) { + struct multi_context *m = t->multi; int dev = DEV_TYPE_UNDEF; msg(D_MULTI_LOW, "MULTI: multi_init called, r=%d v=%d", @@ -706,7 +707,7 @@ /* * Called on shutdown or restart. */ -void +static void multi_uninit(struct multi_context *m) { if (m->hash) 
@@ -3922,14 +3923,14 @@ } } -void -multi_top_init(struct multi_context *m, struct context *top) +static void +multi_top_init(struct context *top) { - inherit_context_top(&m->top, top); - m->top.c2.buffers = init_context_buffers(&top->c2.frame); + inherit_context_top(&top->multi->top, top); + top->multi->top.c2.buffers = init_context_buffers(&top->c2.frame); } -void +static void multi_top_free(struct multi_context *m) { close_context(&m->top, -1, CC_GC_FREE); @@ -4324,6 +4325,7 @@ struct multi_context multi; top->mode = CM_TOP; + top->multi = &multi; context_clear_2(top); /* initialize top-tunnel instance */ @@ -4334,10 +4336,10 @@ } /* initialize global multi_context object */ - multi_init(&multi, top); + multi_init(top); /* initialize our cloned top object */ - multi_top_init(&multi, top); + multi_top_init(top); /* initialize management interface */ init_management_callback_multi(&multi); diff --git a/src/openvpn/multi.h b/src/openvpn/multi.h index fe9e847..8b2704c 100644 --- a/src/openvpn/multi.h +++ b/src/openvpn/multi.h @@ -263,14 +263,6 @@ * Called by mtcp.c, mudp.c, or other (to be written) protocol drivers */ -void multi_init(struct multi_context *m, struct context *t); - -void multi_uninit(struct multi_context *m); - -void multi_top_init(struct multi_context *m, struct context *top); - -void multi_top_free(struct multi_context *m); - struct multi_instance *multi_create_instance(struct multi_context *m, const struct mroute_addr *real, struct link_socket *sock); diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h index 3c8ce39..7d48888 100644 --- a/src/openvpn/openvpn.h +++ b/src/openvpn/openvpn.h 
@@ -491,6 +491,9 @@ * CM_P2P, \c CM_TOP, \c CM_TOP_CLONE, * \c CM_CHILD_UDP, and \c CM_CHILD_TCP. */ + struct multi_context *multi; /**< Pointer to the main P2MP context. + * Non-NULL only when mode == CM_TOP. */ + struct gc_arena gc; /**< Garbage collection arena for * allocations done in the scope of this * context structure. */ -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1093?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ibf64c681e02ac572d339d4d98e75ceb0cd417c45 Gerrit-Change-Number: 1093 Gerrit-PatchSet: 1 Gerrit-Owner: ordex <an...@ma...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-MessageType: newchange |
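Review bot: In the multi.c hunk at -4324, `top->multi = &multi;` stores the address of the local `struct multi_context multi;` in a `struct context` that outlives the function, so the pointer dangles after return unless it is cleared. Please reset `top->multi` to NULL on the way out, next to the existing teardown, so the openvpn.h comment "Non-NULL only when mode == CM_TOP" cannot mask a stale pointer. multi_init() and multi_top_init() now dereference `t->multi` / `top->multi` without a check; an `ASSERT(t->multi)` at the top of multi_init() would make the new precondition explicit.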
From: ordex (C. Review) <ge...@op...> - 2025-07-22 20:22:28
|
Attention is currently required from: flichtenheld, plaisthos. Hello plaisthos, flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/1095?usp=email to review the following change. Change subject: dco_linux: fix case statement by using proper error value ...................................................................... dco_linux: fix case statement by using proper error value A M_ERR constant accidentally slipped in as possible netlink error value. Substitute it with the actual code matching the following error message. Change-Id: I18df6ef659cab9525dd7847b7dd3950fc1895dd5 Signed-off-by: Antonio Quartulli <an...@ma...> --- M src/openvpn/dco_linux.c 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/95/1095/1 diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c index c92c196..58051f5 100644 --- a/src/openvpn/dco_linux.c +++ b/src/openvpn/dco_linux.c @@ -143,7 +143,7 @@ msg(M_ERR, "%s: netlink out of memory error", prefix); break; - case -M_ERR: + case -NLE_AGAIN: msg(M_WARN, "%s: netlink reports blocking read - aborting wait", prefix); break; -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1095?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I18df6ef659cab9525dd7847b7dd3950fc1895dd5 Gerrit-Change-Number: 1095 Gerrit-PatchSet: 1 Gerrit-Owner: ordex <an...@ma...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-MessageType: newchange |
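Review bot: The `case -M_ERR:` to `case -NLE_AGAIN:` fix is a behaviour change for blocking reads, but the commit message does not say which commit introduced the wrong constant or how `-NLE_AGAIN` was handled until now. A reference to the offending commit and one sentence on the previous behaviour would help decide whether this needs a backport.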
From: ordex (C. Review) <ge...@op...> - 2025-07-22 20:22:28
|
Attention is currently required from: flichtenheld, plaisthos. Hello plaisthos, flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/1096?usp=email to review the following change. Change subject: dco_linux: use M_FATAL instead of M_ERR in netlink error code paths ...................................................................... dco_linux: use M_FATAL instead of M_ERR in netlink error code paths Netlink code doesn't set errno upon error (with the exception of any *alloc() function which probably inherits the errno=ENOMEM from the underlying malloc call), therefore we should not print error messages with M_ERR, but rather rely on M_FATAL. M_ERR is equivalent to M_FATAL with the addition of appending ": $errno" to the error string. Since errno is not meaningful in this context, we can just opt for the less confusing M_FATAL. Change-Id: Ifc442b4426c02de7282d0f69629e8a10b679c589 Signed-off-by: Antonio Quartulli <an...@ma...> --- M src/openvpn/dco_linux.c 1 file changed, 9 insertions(+), 9 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/96/1096/1 diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c index 58051f5..13506a1 100644 --- a/src/openvpn/dco_linux.c +++ b/src/openvpn/dco_linux.c @@ -114,7 +114,7 @@ struct nl_msg *nl_msg = nlmsg_alloc(); if (!nl_msg) { - msg(M_ERR, "cannot allocate netlink message"); + msg(M_FATAL, "cannot allocate netlink message"); return NULL; } @@ -140,7 +140,7 @@ break; case -NLE_NOMEM: - msg(M_ERR, "%s: netlink out of memory error", prefix); + msg(M_FATAL, "%s: netlink out of memory error", prefix); break; case -NLE_AGAIN: @@ -148,7 +148,7 @@ break; case -NLE_NODEV: - msg(M_ERR, "%s: netlink reports device not found:", prefix); + msg(M_FATAL, "%s: netlink reports device not found:", prefix); break; case -NLE_OBJ_NOTFOUND: 
@@ -387,19 +387,19 @@ static void ovpn_dco_init_netlink(dco_context_t *dco) { - dco->ovpn_dco_id = resolve_ovpn_netlink_id(M_ERR); + dco->ovpn_dco_id = resolve_ovpn_netlink_id(M_FATAL); dco->nl_sock = nl_socket_alloc(); if (!dco->nl_sock) { - msg(M_ERR, "Cannot create netlink socket"); + msg(M_FATAL, "Cannot create netlink socket"); } int ret = genl_connect(dco->nl_sock); if (ret) { - msg(M_ERR, "Cannot connect to generic netlink: %s", + msg(M_FATAL, "Cannot connect to generic netlink: %s", nl_geterror(ret)); } @@ -415,7 +415,7 @@ dco->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); if (!dco->nl_cb) { - msg(M_ERR, "failed to allocate netlink callback"); + msg(M_FATAL, "failed to allocate netlink callback"); } nl_socket_set_cb(dco->nl_sock, dco->nl_cb); @@ -484,7 +484,7 @@ if (dco->ovpn_dco_mcast_id < 0) { - msg(M_ERR, "cannot get mcast group: %s", nl_geterror(dco->ovpn_dco_mcast_id)); + msg(M_FATAL, "cannot get mcast group: %s", nl_geterror(dco->ovpn_dco_mcast_id)); } /* Register for ovpn-dco specific multicast messages that the kernel may @@ -493,7 +493,7 @@ int ret = nl_socket_add_membership(dco->nl_sock, dco->ovpn_dco_mcast_id); if (ret) { - msg(M_ERR, "%s: failed to join groups: %d", __func__, ret); + msg(M_FATAL, "%s: failed to join groups: %d", __func__, ret); } } -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1096?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ifc442b4426c02de7282d0f69629e8a10b679c589 Gerrit-Change-Number: 1096 Gerrit-PatchSet: 1 Gerrit-Owner: ordex <an...@ma...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-MessageType: newchange |
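Review bot: The commit message itself notes that the `*alloc()` functions probably do leave errno=ENOMEM, yet the nlmsg_alloc(), nl_socket_alloc() and nl_cb_alloc() failure paths are switched to M_FATAL along with the rest. Either keep M_ERR on those three allocation checks or say in the message that dropping errno there is deliberate. In the -148 hunk, `"%s: netlink reports device not found:"` keeps its trailing colon; with M_FATAL nothing is appended after it, so the colon should go. In the -484 hunk the failure is printed as `"%s: failed to join groups: %d"` with the raw `ret`, while the neighbouring messages use nl_geterror(); using nl_geterror(ret) there would be consistent.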
From: cron2 (C. Review) <ge...@op...> - 2025-07-22 16:29:01
|
cron2 has submitted this change. ( http://gerrit.openvpn.net/c/openvpn/+/1080?usp=email ) Change subject: GHA: Update dependencies July 2025 (2.6) ...................................................................... GHA: Update dependencies July 2025 (2.6) Pin dependencies chore(deps): update lukka/get-cmake action to v4 chore(deps): update vcpkg digest to f33cc49 Change-Id: I46177b0614ad8b167a421c50d3cc8e7da4054e42 Signed-off-by: Frank Lichtenheld <fr...@li...> Acked-by: Yuriy Darnobyt <yur...@gm...> Message-Id: <202...@li...> URL: https://www.mail-archive.com/ope...@li.../msg32243.html Signed-off-by: Gert Doering <ge...@gr...> --- M .github/workflows/build.yaml M .github/workflows/coverity-scan.yml 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 22b7aca..65d5fd4 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -51,11 +51,11 @@ - name: Checkout OpenVPN uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: lukka/get-cmake@56d043d188c3612951d8755da8f4b709ec951ad6 # v3.31.6 + - uses: lukka/get-cmake@6b3e96a9bc9976b8b546346fdd102effedae0ca8 # v4.0.3 - name: Restore from cache and install vcpkg uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5 with: - vcpkgGitCommitId: acd5bba5aac8b6573b5f6f463dc0341ac0ee6fa4 + vcpkgGitCommitId: f33cc491c85a7d643c5ab6da1667c1458e6d7abf vcpkgJsonGlob: '**/mingw/vcpkg.json' - name: Run CMake with vcpkg.json manifest @@ -92,7 +92,7 @@ name: "mingw unittest ${{ matrix.test }} - ${{ matrix.arch }} - OSSL" steps: - name: Retrieve mingw unittest - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 with: name: openvpn-mingw-${{ matrix.arch }}-tests path: unittests 
@@ -227,7 +227,7 @@ runs-on: windows-latest steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: lukka/get-cmake@56d043d188c3612951d8755da8f4b709ec951ad6 # v3.31.6 + - uses: lukka/get-cmake@6b3e96a9bc9976b8b546346fdd102effedae0ca8 # v4.0.3 - name: Install rst2html run: python -m pip install --upgrade pip docutils @@ -235,7 +235,7 @@ - name: Restore artifacts, or setup vcpkg (do not install any package) uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5 with: - vcpkgGitCommitId: acd5bba5aac8b6573b5f6f463dc0341ac0ee6fa4 + vcpkgGitCommitId: f33cc491c85a7d643c5ab6da1667c1458e6d7abf vcpkgJsonGlob: '**/windows/vcpkg.json' - name: Run CMake with vcpkg.json manifest (NO TESTS) diff --git a/.github/workflows/coverity-scan.yml b/.github/workflows/coverity-scan.yml index 7998632d6..1a9e5a3 100644 --- a/.github/workflows/coverity-scan.yml +++ b/.github/workflows/coverity-scan.yml @@ -25,7 +25,7 @@ - name: Checkout OpenVPN if: steps.check_submit.outputs.cache-hit != 'true' - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Download Coverity Build Tool if: steps.check_submit.outputs.cache-hit != 'true' -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1080?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: release/2.6 Gerrit-Change-Id: I46177b0614ad8b167a421c50d3cc8e7da4054e42 Gerrit-Change-Number: 1080 Gerrit-PatchSet: 3 Gerrit-Owner: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-Reviewer: uddr <yur...@gm...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-MessageType: merged |
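Review bot: In the coverity-scan.yml hunk the pinned line reads `actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4`, while build.yaml annotates the same SHA as `# v4.2.2`. Please use the exact version in the trailing comment in both files, so a reader can tell which release the digest corresponds to without looking it up.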
From: cron2 (C. Review) <ge...@op...> - 2025-07-22 16:28:55
|
cron2 has uploaded a new patch set (#3) to the change originally created by flichtenheld. ( http://gerrit.openvpn.net/c/openvpn/+/1080?usp=email ) The following approvals got outdated and were removed: Code-Review+2 by uddr Change subject: GHA: Update dependencies July 2025 (2.6) ...................................................................... GHA: Update dependencies July 2025 (2.6) Pin dependencies chore(deps): update lukka/get-cmake action to v4 chore(deps): update vcpkg digest to f33cc49 Change-Id: I46177b0614ad8b167a421c50d3cc8e7da4054e42 Signed-off-by: Frank Lichtenheld <fr...@li...> Acked-by: Yuriy Darnobyt <yur...@gm...> Message-Id: <202...@li...> URL: https://www.mail-archive.com/ope...@li.../msg32243.html Signed-off-by: Gert Doering <ge...@gr...> --- M .github/workflows/build.yaml M .github/workflows/coverity-scan.yml 2 files changed, 6 insertions(+), 6 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/80/1080/3 diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 22b7aca..65d5fd4 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -51,11 +51,11 @@ - name: Checkout OpenVPN uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: lukka/get-cmake@56d043d188c3612951d8755da8f4b709ec951ad6 # v3.31.6 + - uses: lukka/get-cmake@6b3e96a9bc9976b8b546346fdd102effedae0ca8 # v4.0.3 - name: Restore from cache and install vcpkg uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5 with: - vcpkgGitCommitId: acd5bba5aac8b6573b5f6f463dc0341ac0ee6fa4 + vcpkgGitCommitId: f33cc491c85a7d643c5ab6da1667c1458e6d7abf vcpkgJsonGlob: '**/mingw/vcpkg.json' - name: Run CMake with vcpkg.json manifest 
@@ -92,7 +92,7 @@ name: "mingw unittest ${{ matrix.test }} - ${{ matrix.arch }} - OSSL" steps: - name: Retrieve mingw unittest - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 with: name: openvpn-mingw-${{ matrix.arch }}-tests path: unittests @@ -227,7 +227,7 @@ runs-on: windows-latest steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: lukka/get-cmake@56d043d188c3612951d8755da8f4b709ec951ad6 # v3.31.6 + - uses: lukka/get-cmake@6b3e96a9bc9976b8b546346fdd102effedae0ca8 # v4.0.3 - name: Install rst2html run: python -m pip install --upgrade pip docutils @@ -235,7 +235,7 @@ - name: Restore artifacts, or setup vcpkg (do not install any package) uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5 with: - vcpkgGitCommitId: acd5bba5aac8b6573b5f6f463dc0341ac0ee6fa4 + vcpkgGitCommitId: f33cc491c85a7d643c5ab6da1667c1458e6d7abf vcpkgJsonGlob: '**/windows/vcpkg.json' - name: Run CMake with vcpkg.json manifest (NO TESTS) diff --git a/.github/workflows/coverity-scan.yml b/.github/workflows/coverity-scan.yml index 7998632d6..1a9e5a3 100644 --- a/.github/workflows/coverity-scan.yml +++ b/.github/workflows/coverity-scan.yml 
@@ -25,7 +25,7 @@ - name: Checkout OpenVPN if: steps.check_submit.outputs.cache-hit != 'true' - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Download Coverity Build Tool if: steps.check_submit.outputs.cache-hit != 'true' -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1080?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: release/2.6 Gerrit-Change-Id: I46177b0614ad8b167a421c50d3cc8e7da4054e42 Gerrit-Change-Number: 1080 Gerrit-PatchSet: 3 Gerrit-Owner: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-Reviewer: uddr <yur...@gm...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-MessageType: newpatchset |
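Review bot: Both lukka/get-cmake hunks in build.yaml move from `# v3.31.6` to `# v4.0.3`, a major-version jump on the release/2.6 branch, and the commit message only lists it as "update lukka/get-cmake action to v4". Please note in the message that the 2.6 CMake build was checked against the new major version, since the build jobs changed here are the ones that use it.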
From: Gert D. <ge...@gr...> - 2025-07-22 16:28:51
|
Tested on my GH repo, all green. ACKed by the build master. Your patch has been applied to the release/2.6 branch. commit 744b7d20d70b956279c63404bcb8b5004b41216e Author: Frank Lichtenheld Date: Tue Jul 22 12:28:10 2025 +0200 GHA: Update dependencies July 2025 (2.6) Signed-off-by: Frank Lichtenheld <fr...@li...> Acked-by: Yuriy Darnobyt <yur...@gm...> Message-Id: <202...@li...> URL: https://www.mail-archive.com/ope...@li.../msg32243.html Signed-off-by: Gert Doering <ge...@gr...> -- kind regards, Gert Doering |
From: Gert D. <ge...@gr...> - 2025-07-22 16:16:30
|
Tested on my GH repo, all fine. ACKed by the build master :-) Your patch has been applied to the master branch. commit 48f4a6a56189703073e1282a1a252e0bd8d9b05d Author: Frank Lichtenheld Date: Tue Jul 22 12:27:18 2025 +0200 GHA: Dependency updates July 2025 Signed-off-by: Frank Lichtenheld <fr...@li...> Acked-by: Yuriy Darnobyt <yur...@gm...> Message-Id: <202...@li...> URL: https://www.mail-archive.com/ope...@li.../msg32242.html Signed-off-by: Gert Doering <ge...@gr...> -- kind regards, Gert Doering |
From: cron2 (C. Review) <ge...@op...> - 2025-07-22 16:16:12
|
cron2 has uploaded a new patch set (#6) to the change originally created by flichtenheld. ( http://gerrit.openvpn.net/c/openvpn/+/1079?usp=email ) The following approvals got outdated and were removed: Code-Review+2 by uddr Change subject: GHA: Dependency updates July 2025 ...................................................................... GHA: Dependency updates July 2025 chore(deps): update dependency aws/aws-lc to v1.55.0 chore(deps): update lukka/get-cmake action to v4.0.3 chore(deps): update vcpkg digest to f33cc49 chore(deps): update dependency mbed-tls/mbedtls to v3.6.4 Change-Id: I6122225cc12c4f299a2a48db24bc7379ac6c5921 Signed-off-by: Frank Lichtenheld <fr...@li...> Acked-by: Yuriy Darnobyt <yur...@gm...> Message-Id: <202...@li...> URL: https://www.mail-archive.com/ope...@li.../msg32242.html Signed-off-by: Gert Doering <ge...@gr...> --- M .github/workflows/build.yaml 1 file changed, 9 insertions(+), 9 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/79/1079/6 diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index d4fdc9d..bd5895b 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -54,11 +54,11 @@ steps: - name: Checkout OpenVPN uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: lukka/get-cmake@57c20a23a6cac5b90f31864439996e5b206df9dc # v4.0.1 + - uses: lukka/get-cmake@6b3e96a9bc9976b8b546346fdd102effedae0ca8 # v4.0.3 - name: Install vcpkg uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5 with: - vcpkgGitCommitId: b12aa38a44a29bd8461404f2514e4c7cf00e1fc5 + vcpkgGitCommitId: f33cc491c85a7d643c5ab6da1667c1458e6d7abf - name: Install dependencies run: ${VCPKG_ROOT}/vcpkg install openssl lz4 cmocka - name: configure OpenVPN with cmake 
@@ -88,11 +88,11 @@ - name: Checkout OpenVPN uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: lukka/get-cmake@57c20a23a6cac5b90f31864439996e5b206df9dc # v4.0.1 + - uses: lukka/get-cmake@6b3e96a9bc9976b8b546346fdd102effedae0ca8 # v4.0.3 - name: Restore from cache and install vcpkg uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5 with: - vcpkgGitCommitId: b12aa38a44a29bd8461404f2514e4c7cf00e1fc5 + vcpkgGitCommitId: f33cc491c85a7d643c5ab6da1667c1458e6d7abf vcpkgJsonGlob: '**/mingw/vcpkg.json' - name: Run CMake with vcpkg.json manifest @@ -276,7 +276,7 @@ runs-on: windows-latest steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: lukka/get-cmake@57c20a23a6cac5b90f31864439996e5b206df9dc # v4.0.1 + - uses: lukka/get-cmake@6b3e96a9bc9976b8b546346fdd102effedae0ca8 # v4.0.3 - name: Install rst2html run: python -m pip install --upgrade pip docutils @@ -284,7 +284,7 @@ - name: Restore artifacts, or setup vcpkg (do not install any package) uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5 with: - vcpkgGitCommitId: b12aa38a44a29bd8461404f2514e4c7cf00e1fc5 + vcpkgGitCommitId: f33cc491c85a7d643c5ab6da1667c1458e6d7abf vcpkgJsonGlob: '**/windows/vcpkg.json' - name: Run CMake with vcpkg.json manifest (NO TESTS) @@ -413,7 +413,7 @@ submodules: true # versioning=semver-coerced repository: Mbed-TLS/mbedtls - ref: v3.6.3 + ref: v3.6.4 - name: "mbedtls: make no_test" run: make -j3 no_test SHARED=1 working-directory: mbedtls 
@@ -471,8 +471,8 @@ path: aws-lc # versioning=semver-coerced repository: aws/aws-lc - ref: v1.51.2 - - uses: lukka/get-cmake@57c20a23a6cac5b90f31864439996e5b206df9dc # v4.0.1 + ref: v1.55.0 + - uses: lukka/get-cmake@6b3e96a9bc9976b8b546346fdd102effedae0ca8 # v4.0.3 - name: "AWS-LC: build" run: | mkdir build -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1079?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I6122225cc12c4f299a2a48db24bc7379ac6c5921 Gerrit-Change-Number: 1079 Gerrit-PatchSet: 6 Gerrit-Owner: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-Reviewer: uddr <yur...@gm...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-MessageType: newpatchset |
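Review bot: In the mbedtls and AWS-LC checkout steps the dependency is still selected by tag name (`ref: v3.6.4`, `ref: v1.55.0`), while every `uses:` line and each `vcpkgGitCommitId` touched in the same file is pinned to a full commit SHA with the version in a trailing comment. A tag can be moved upstream after review, so the two library checkouts do not get the immutability the rest of the workflow has. Consider pinning both `ref:` values to the commit SHA of the release and keeping the version as a comment, in the same style as the action pins, or noting in the commit message why tags are accepted for these two.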
From: cron2 (C. Review) <ge...@op...> - 2025-07-22 16:16:08
|
cron2 has submitted this change. ( http://gerrit.openvpn.net/c/openvpn/+/1079?usp=email ) Change subject: GHA: Dependency updates July 2025 ...................................................................... GHA: Dependency updates July 2025 chore(deps): update dependency aws/aws-lc to v1.55.0 chore(deps): update lukka/get-cmake action to v4.0.3 chore(deps): update vcpkg digest to f33cc49 chore(deps): update dependency mbed-tls/mbedtls to v3.6.4 Change-Id: I6122225cc12c4f299a2a48db24bc7379ac6c5921 Signed-off-by: Frank Lichtenheld <fr...@li...> Acked-by: Yuriy Darnobyt <yur...@gm...> Message-Id: <202...@li...> URL: https://www.mail-archive.com/ope...@li.../msg32242.html Signed-off-by: Gert Doering <ge...@gr...> --- M .github/workflows/build.yaml 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index d4fdc9d..bd5895b 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -54,11 +54,11 @@ steps: - name: Checkout OpenVPN uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: lukka/get-cmake@57c20a23a6cac5b90f31864439996e5b206df9dc # v4.0.1 + - uses: lukka/get-cmake@6b3e96a9bc9976b8b546346fdd102effedae0ca8 # v4.0.3 - name: Install vcpkg uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5 with: - vcpkgGitCommitId: b12aa38a44a29bd8461404f2514e4c7cf00e1fc5 + vcpkgGitCommitId: f33cc491c85a7d643c5ab6da1667c1458e6d7abf - name: Install dependencies run: ${VCPKG_ROOT}/vcpkg install openssl lz4 cmocka - name: configure OpenVPN with cmake 
@@ -88,11 +88,11 @@ - name: Checkout OpenVPN uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: lukka/get-cmake@57c20a23a6cac5b90f31864439996e5b206df9dc # v4.0.1 + - uses: lukka/get-cmake@6b3e96a9bc9976b8b546346fdd102effedae0ca8 # v4.0.3 - name: Restore from cache and install vcpkg uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5 with: - vcpkgGitCommitId: b12aa38a44a29bd8461404f2514e4c7cf00e1fc5 + vcpkgGitCommitId: f33cc491c85a7d643c5ab6da1667c1458e6d7abf vcpkgJsonGlob: '**/mingw/vcpkg.json' - name: Run CMake with vcpkg.json manifest @@ -276,7 +276,7 @@ runs-on: windows-latest steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: lukka/get-cmake@57c20a23a6cac5b90f31864439996e5b206df9dc # v4.0.1 + - uses: lukka/get-cmake@6b3e96a9bc9976b8b546346fdd102effedae0ca8 # v4.0.3 - name: Install rst2html run: python -m pip install --upgrade pip docutils @@ -284,7 +284,7 @@ - name: Restore artifacts, or setup vcpkg (do not install any package) uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5 with: - vcpkgGitCommitId: b12aa38a44a29bd8461404f2514e4c7cf00e1fc5 + vcpkgGitCommitId: f33cc491c85a7d643c5ab6da1667c1458e6d7abf vcpkgJsonGlob: '**/windows/vcpkg.json' - name: Run CMake with vcpkg.json manifest (NO TESTS) @@ -413,7 +413,7 @@ submodules: true # versioning=semver-coerced repository: Mbed-TLS/mbedtls - ref: v3.6.3 + ref: v3.6.4 - name: "mbedtls: make no_test" run: make -j3 no_test SHARED=1 working-directory: mbedtls 
@@ -471,8 +471,8 @@ path: aws-lc # versioning=semver-coerced repository: aws/aws-lc - ref: v1.51.2 - - uses: lukka/get-cmake@57c20a23a6cac5b90f31864439996e5b206df9dc # v4.0.1 + ref: v1.55.0 + - uses: lukka/get-cmake@6b3e96a9bc9976b8b546346fdd102effedae0ca8 # v4.0.3 - name: "AWS-LC: build" run: | mkdir build -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1079?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I6122225cc12c4f299a2a48db24bc7379ac6c5921 Gerrit-Change-Number: 1079 Gerrit-PatchSet: 6 Gerrit-Owner: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-Reviewer: uddr <yur...@gm...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-MessageType: merged |
From: flichtenheld (C. Review) <ge...@op...> - 2025-07-22 14:59:16
|
Attention is currently required from: plaisthos.

flichtenheld has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1067?usp=email )

Change subject: Check message id/acked ids too when doing sessionid cookie checks
......................................................................

Patch Set 3: Code-Review-1

(1 comment)

File tests/unit_tests/openvpn/test_pkt.c:

http://gerrit.openvpn.net/c/openvpn/+/1067/comment/69758acd_c7222844 :
PS3, Line 533:
Looking at the LeakSanitizer failure and the other test cases I think there is a `free_tls_pre_decrypt_state(&state);` missing here.

--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1067?usp=email
To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I6752dcd5aff3e5cea2b439366479e86751a1c403
Gerrit-Change-Number: 1067
Gerrit-PatchSet: 3
Gerrit-Owner: plaisthos <arn...@rf...>
Gerrit-Reviewer: flichtenheld <fr...@li...>
Gerrit-CC: openvpn-devel <ope...@li...>
Gerrit-Attention: plaisthos <arn...@rf...>
Gerrit-Comment-Date: Tue, 22 Jul 2025 14:59:07 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment |
From: flichtenheld (C. Review) <ge...@op...> - 2025-07-22 14:42:25
|
Attention is currently required from: plaisthos.

flichtenheld has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/770?usp=email )

Change subject: Fix socketpair return status not being checked in port share code
......................................................................

Patch Set 2:

(1 comment)

File src/openvpn/ps.c:

http://gerrit.openvpn.net/c/openvpn/+/770/comment/b573480e_0d81a26d :
PS1, Line 237:     if (!socketpair(AF_UNIX, SOCK_DGRAM, 0, sd_null))
> Shouldn't that test for -1?

Done

--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/770?usp=email
To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: Id99a3ba13c0f1d0bc7e4699fb67ee9dff6221639
Gerrit-Change-Number: 770
Gerrit-PatchSet: 2
Gerrit-Owner: plaisthos <arn...@rf...>
Gerrit-Reviewer: cron2 <ge...@gr...>
Gerrit-Reviewer: flichtenheld <fr...@li...>
Gerrit-CC: openvpn-devel <ope...@li...>
Gerrit-Attention: plaisthos <arn...@rf...>
Gerrit-Comment-Date: Tue, 22 Jul 2025 14:42:15 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: flichtenheld <fr...@li...>
Gerrit-MessageType: comment |
From: Walter D. <wal...@wj...> - 2025-07-22 11:12:17
|
Anything I can do to get this moving along?

Cheers,
Walter

On 26-06-2025 10:14, plaisthos (Code Review) wrote:
> Attention is currently required from: flichtenheld.
>
> plaisthos *uploaded patch set #3* to this change.
>
> View Change <http://gerrit.openvpn.net/c/openvpn/+/1067?usp=email>
>
> Check message id/acked ids too when doing sessionid cookie checks
>
> This fixes that control packets on a floating client can trigger
> creating a new session in special circumstances:
>
> To trigger this circumstance a connection needs to
>
> - start on IP A
> - successfully float to IP B by data packet
> - then have a control packet from IP A before any
>   data packet can trigger the float back to IP A
>
> and all of this needs to happen in the 60s time
> that hmac cookie is valid in the default
> configuration.
>
> In this scenario we would trigger a new connection as the HMAC
> session id would be valid.
>
> This patch adds checking also of the message-id and acked ids to
> discern packets from the initial three-way handshake where these
> ids are 0 or 1 from any later packet.
>
> This will now trigger (at verb 4 or higher) a message like:
>
> Packet (P_ACK_V1) with invalid or missing SID
>
> instead.
>
> Reported-By: Walter Doekes <wal...@wj...>
> Tested-By: Walter Doekes <wal...@wj...>
>
> Change-Id: I6752dcd5aff3e5cea2b439366479e86751a1c403
> Signed-off-by: Arne Schwabe <ar...@rf...>
> ---
> M src/openvpn/mudp.c
> M src/openvpn/ssl_pkt.c
> M src/openvpn/ssl_pkt.h
> M tests/unit_tests/openvpn/test_pkt.c
> 4 files changed, 112 insertions(+), 6 deletions(-)
>
> git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/67/1067/3
>
> diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c > index 93e65e0..9cd667c 100644 > --- a/src/openvpn/mudp.c > +++ b/src/openvpn/mudp.c 
> @@ -63,7 +63,6 @@ > msg(D_MULTI_DEBUG, "Reset packet from client, sending HMAC based reset > challenge"); > } > > - > /* Returns true if this packet should create a new session */ > static bool > do_pre_decrypt_check(struct multi_context *m, > @@ -155,7 +154,8 @@ > * need to contain the peer id */ > struct gc_arena gc = gc_new(); > > - bool ret = check_session_id_hmac(state, from, hmac, handwindow); > + bool pkt_is_ack = (verdict == VERDICT_VALID_ACK_V1); > + bool ret = check_session_id_hmac(state, from, hmac, handwindow, > pkt_is_ack); > > const char *peer = print_link_socket_actual(&m->top.c2.from, &gc); > uint8_t pkt_firstbyte = *BPTR( &m->top.c2.buf); > @@ -171,6 +171,7 @@ > msg(D_MULTI_DEBUG, "Valid packet (%s) with HMAC challenge from peer (%s), " > "accepting new connection.", packet_opcode_name(op), peer); > } > + > gc_free(&gc); > > return ret; > diff --git a/src/openvpn/ssl_pkt.c b/src/openvpn/ssl_pkt.c > index bfd405f..0bbc465 100644 > --- a/src/openvpn/ssl_pkt.c > +++ b/src/openvpn/ssl_pkt.c > @@ -293,6 +293,7 @@ > } > } > > + > /* > * This function is similar to tls_pre_decrypt, except it is called > * when we are in server mode and receive an initial incoming > @@ -530,7 +531,8 @@ > check_session_id_hmac(struct tls_pre_decrypt_state *state, > const struct openvpn_sockaddr *from, > hmac_ctx_t *hmac, > - int handwindow) > + int handwindow, > + bool pkt_is_ack) > { > if (!from) > { 
> @@ -545,6 +547,36 @@ > return false; > } > > + /* Check if the packet ID of the packet or ACKED packet is <= 1 */ > + for (int i = 0; i < ack.len; i++) > + { > + /* This packet ACKs a packet that has a higher packet id than the > + * ones expected in the three-way handshake, consider it as invalid > + * for the session */ > + if (ack.packet_id[i] > 1) > + { > + return false; > + } > + } > + > + if (!pkt_is_ack) > + { > + packet_id_type message_id; > + /* Extract the packet ID from the packet */ > + if (!reliable_ack_read_packet_id(&buf, &message_id)) > + { > + return false; > + } > + > + /* similar check. Anything larger than 1 is not considered part of the > + * three-way handshake */ > + if (message_id > 1) > + { > + return false; > + } > + } > + > + > /* check adjacent timestamps too */ > for (int offset = -2; offset <= 1; offset++) > { > diff --git a/src/openvpn/ssl_pkt.h b/src/openvpn/ssl_pkt.h > index 98a39d3..1b6bcc0 100644 > --- a/src/openvpn/ssl_pkt.h > +++ b/src/openvpn/ssl_pkt.h > @@ -180,17 +180,24 @@ > /** > * Checks if a control packet has a correct HMAC server session id > * > + * This will also consider packets that have a packet id higher > + * than 1 or ack packets higher than 1 to be invalid as they are > + * not part of the initial three way handshake of OpenVPN and should > + * not create a new connection. > + * > * @param state session information > * @param from link_socket from the client > * @param hmac the hmac context to use for the calculation > * @param handwindow the quantisation of the current time > + * @param pkt_is_ack the packet being checked is a P_ACK_V1 > * @return the expected server session id > */ > bool > check_session_id_hmac(struct tls_pre_decrypt_state *state, > const struct openvpn_sockaddr *from, > hmac_ctx_t *hmac, > - int handwindow); > + int handwindow, > + bool pkt_is_ack); > > /* > * Write a control channel authentication record. 
> diff --git a/tests/unit_tests/openvpn/test_pkt.c > b/tests/unit_tests/openvpn/test_pkt.c > index ebffabe..56ed842 100644 > --- a/tests/unit_tests/openvpn/test_pkt.c > +++ b/tests/unit_tests/openvpn/test_pkt.c > @@ -170,6 +170,27 @@ > 0x85, 0xdb, 0x53, 0x56, 0x23, 0xb0, 0x2e > }; > > +/* no tls-auth, P_ACK_V1, acks 0,1, and 2 */ > +const uint8_t client_ack_123_none_random_id[] = { > + 0x28, > + 0xae, 0xb9, 0xaf, 0xe1, 0xf0, 0x1d, 0x79, 0xc8, > + 0x03, > + 0x00, 0x00, 0x00, 0x00, > + 0x00, 0x00, 0x00, 0x01, > + 0x00, 0x00, 0x00, 0x02, > + 0xdd, 0x85, 0xdb, 0x53, 0x56, 0x23, 0xb0, 0x2e > +}; > + > +/* no tls-auth, P_CONTROL_V1, acks 0, msg-id 2 */ > +const uint8_t client_control_none_random_id[] = { > + 0x20, > + 0xae, 0xb9, 0xaf, 0xe1, 0xf0, 0x1d, 0x79, 0xc8, > + 0x01, > + 0x00, 0x00, 0x00, 0x00, > + 0x02 > +}; > + > + > struct tls_auth_standalone > init_tas_auth(int key_direction) > { > @@ -439,7 +460,7 @@ > assert_int_equal(verdict, VERDICT_VALID_CONTROL_V1); > > /* This is a valid packet but containing a random id instead of an HMAC id*/ > - bool valid = check_session_id_hmac(&state, &from.dest, hmac, 30); > + bool valid = check_session_id_hmac(&state, &from.dest, hmac, 30, false); > assert_false(valid); > > free_tls_pre_decrypt_state(&state); > @@ -470,7 +491,7 @@ > verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf); > assert_int_equal(verdict, VERDICT_VALID_ACK_V1); > > - bool valid = check_session_id_hmac(&state, &from.dest, hmac, 30); > + bool valid = check_session_id_hmac(&state, &from.dest, hmac, 30, true); > assert_true(valid); > > free_tls_pre_decrypt_state(&state); 
> @@ -479,6 +500,50 @@ > hmac_ctx_free(hmac); > } > > +static void > +test_verify_hmac_none_out_of_range_ack(void **ut_state) > +{ > + hmac_ctx_t *hmac = session_id_hmac_init(); > + > + struct link_socket_actual from = { 0 }; > + from.dest.addr.sa.sa_family = AF_INET; > + > + struct tls_auth_standalone tas = { 0 }; > + struct tls_pre_decrypt_state state = { 0 }; > + > + struct buffer buf = alloc_buf(1024); > + enum first_packet_verdict verdict; > + > + tas.tls_wrap.mode = TLS_WRAP_NONE; > + > + buf_reset_len(&buf); > + buf_write(&buf, client_ack_123_none_random_id, > sizeof(client_ack_123_none_random_id)); > + > + > + verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf); > + assert_int_equal(verdict, VERDICT_VALID_ACK_V1); > + > + /* should fail because it acks 2 */ > + bool valid = check_session_id_hmac(&state, &from.dest, hmac, 30, true); > + assert_false(valid); > + > + /* Try test with the control with a too high message id now */ > + buf_reset_len(&buf); > + buf_write(&buf, client_control_none_random_id, > sizeof(client_control_none_random_id)); > + > + verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf); > + assert_int_equal(verdict, VERDICT_VALID_CONTROL_V1); > + > + /* should fail because it has message id 2 */ > + valid = check_session_id_hmac(&state, &from.dest, hmac, 30, true); > + assert_false(valid); > + > + free_tls_pre_decrypt_state(&state); > + free_buf(&buf); > + hmac_ctx_cleanup(hmac); > + hmac_ctx_free(hmac); > +} > + > static hmac_ctx_t * > init_static_hmac(void) > { 
> @@ -667,6 +732,7 @@ > cmocka_unit_test(test_calc_session_id_hmac_static), > cmocka_unit_test(test_verify_hmac_none), > cmocka_unit_test(test_verify_hmac_tls_auth), > + cmocka_unit_test(test_verify_hmac_none_out_of_range_ack), > cmocka_unit_test(test_generate_reset_packet_plain), > cmocka_unit_test(test_generate_reset_packet_tls_auth), > cmocka_unit_test(test_extract_control_message) > > To view, visit change 1067 > <http://gerrit.openvpn.net/c/openvpn/+/1067?usp=email>. To unsubscribe, > or for help writing mail filters, visit settings > <http://gerrit.openvpn.net/settings>. > > Gerrit-Project: openvpn > Gerrit-Branch: master > Gerrit-Change-Id: I6752dcd5aff3e5cea2b439366479e86751a1c403 > Gerrit-Change-Number: 1067 > Gerrit-PatchSet: 3 > Gerrit-Owner: plaisthos <arn...@rf...> > Gerrit-Reviewer: flichtenheld <fr...@li...> > Gerrit-CC: openvpn-devel <ope...@li...> > Gerrit-Attention: flichtenheld <fr...@li...> > Gerrit-MessageType: newpatchset > > > _______________________________________________ > Openvpn-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openvpn-devel |
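Review bot: The doc comment for `check_session_id_hmac` in ssl_pkt.h still ends with `@return the expected server session id`, although the prototype right below it returns `bool`. Since this hunk already extends the comment with the new rejection rule and the `pkt_is_ack` parameter, please also change `@return` to say what `true` and `false` mean, including that `false` now covers acked ids or a message id above 1.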
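Review bot: `client_control_none_random_id` in test_pkt.c looks too short for the packet its comment describes. The ACK vector added just above it carries eight more bytes after its ack ids, while this one ends with a single `0x02` after its one ack id, and the new code in ssl_pkt.c reads the message id into a `packet_id_type` through `reliable_ack_read_packet_id()`. If parsing stops on the short buffer, the test gets `false` for a malformed packet rather than for `message_id > 1`. Please check the length and extend the vector so the message id is actually reached.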
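Review bot: In `test_verify_hmac_none_out_of_range_ack` the second `check_session_id_hmac(&state, &from.dest, hmac, 30, true)` call passes `true` for `pkt_is_ack` even though the verdict asserted just before it is `VERDICT_VALID_CONTROL_V1`. With `pkt_is_ack` set, the new `if (!pkt_is_ack)` block in ssl_pkt.c is skipped, so the assertion commented "should fail because it has message id 2" never exercises the message-id check and must be failing for some other reason. Pass `false` for the control packet so the test covers the branch it names.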
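The id-range rule from the quoted commit message, as an added example (not code from the OpenVPN tree or from the patch): a bounds-checked parser for no-tls-auth P_CONTROL_V1/P_ACK_V1 packets that rejects acked ids or a message id above 1. The wire layout used here (opcode byte, 8-byte session id, ack count, 4-byte ids, 8-byte remote session id when acks are present, 4-byte message id) and every name except the two opcodes are assumptions of this example; the HMAC cookie comparison is not modelled.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Opcodes as encoded in the quoted test vectors: 0x20 >> 3 and 0x28 >> 3. */
#define P_CONTROL_V1     4
#define P_ACK_V1         5
#define OPCODE_SHIFT     3
#define SID_SIZE         8   /* session id length (assumed layout) */
#define MAX_HANDSHAKE_ID 1u  /* ids 0 and 1 belong to the three-way handshake */

enum hs_verdict {
    HS_IN_RANGE = 0,         /* may go on to the HMAC cookie comparison */
    HS_TRUNCATED,
    HS_UNSUPPORTED_OPCODE,
    HS_ACK_OUT_OF_RANGE,
    HS_MSGID_OUT_OF_RANGE
};

struct cursor { const uint8_t *p; size_t left; };

/* Consume n bytes; never reads past the end of the packet. */
static bool take(struct cursor *c, size_t n, const uint8_t **out)
{
    if (c->left < n) { return false; }
    if (out) { *out = c->p; }
    c->p += n;
    c->left -= n;
    return true;
}

/* Read one big-endian 32-bit id. */
static bool take_u32(struct cursor *c, uint32_t *v)
{
    const uint8_t *b;
    if (!take(c, 4, &b)) { return false; }
    *v = ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) | ((uint32_t)b[2] << 8) | b[3];
    return true;
}

enum hs_verdict handshake_id_check(const uint8_t *pkt, size_t len)
{
    struct cursor c = { pkt, len };
    const uint8_t *b;
    uint32_t id;
    bool ack_high = false;

    if (!take(&c, 1, &b)) { return HS_TRUNCATED; }
    int opcode = b[0] >> OPCODE_SHIFT;
    if (opcode != P_CONTROL_V1 && opcode != P_ACK_V1) { return HS_UNSUPPORTED_OPCODE; }
    if (!take(&c, SID_SIZE, NULL)) { return HS_TRUNCATED; }   /* sender session id */
    if (!take(&c, 1, &b)) { return HS_TRUNCATED; }            /* ack count */
    unsigned n_acks = b[0];
    for (unsigned i = 0; i < n_acks; i++) {
        if (!take_u32(&c, &id)) { return HS_TRUNCATED; }
        if (id > MAX_HANDSHAKE_ID) { ack_high = true; }
    }
    /* A non-empty ack list is followed by the session id it refers to. */
    if (n_acks > 0 && !take(&c, SID_SIZE, NULL)) { return HS_TRUNCATED; }
    if (ack_high) { return HS_ACK_OUT_OF_RANGE; }
    if (opcode != P_ACK_V1) {                                 /* ACKs carry no message id */
        if (!take_u32(&c, &id)) { return HS_TRUNCATED; }
        if (id > MAX_HANDSHAKE_ID) { return HS_MSGID_OUT_OF_RANGE; }
    }
    return HS_IN_RANGE;
}

/* Bytes of client_ack_123_none_random_id from the quoted patch. */
static const uint8_t page_ack_0_1_2[] = {
    0x28, 0xae, 0xb9, 0xaf, 0xe1, 0xf0, 0x1d, 0x79, 0xc8, 0x03,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x02,
    0xdd, 0x85, 0xdb, 0x53, 0x56, 0x23, 0xb0, 0x2e };
/* Bytes of client_control_none_random_id from the quoted patch. */
static const uint8_t page_control_short[] = {
    0x20, 0xae, 0xb9, 0xaf, 0xe1, 0xf0, 0x1d, 0x79, 0xc8, 0x01,
    0x00, 0x00, 0x00, 0x00, 0x02 };
/* Constructed: P_CONTROL_V1, acks 0, full remote session id, message id 2. */
static const uint8_t made_control_msg2[] = {
    0x20, 0xae, 0xb9, 0xaf, 0xe1, 0xf0, 0x1d, 0x79, 0xc8, 0x01,
    0x00, 0x00, 0x00, 0x00,
    0xdd, 0x85, 0xdb, 0x53, 0x56, 0x23, 0xb0, 0x2e, 0x00, 0x00, 0x00, 0x02 };
/* Constructed: same packet with message id 1, still inside the handshake. */
static const uint8_t made_control_msg1[] = {
    0x20, 0xae, 0xb9, 0xaf, 0xe1, 0xf0, 0x1d, 0x79, 0xc8, 0x01,
    0x00, 0x00, 0x00, 0x00,
    0xdd, 0x85, 0xdb, 0x53, 0x56, 0x23, 0xb0, 0x2e, 0x00, 0x00, 0x00, 0x01 };

int main(void)
{
    printf("page ack vector:      %d\n", handshake_id_check(page_ack_0_1_2, sizeof(page_ack_0_1_2)));
    printf("page control vector:  %d\n", handshake_id_check(page_control_short, sizeof(page_control_short)));
    printf("constructed msg id 2: %d\n", handshake_id_check(made_control_msg2, sizeof(made_control_msg2)));
    printf("constructed msg id 1: %d\n", handshake_id_check(made_control_msg1, sizeof(made_control_msg1)));
    return 0;
}
```

Under this layout only the constructed message-id-1 packet would be handed on to the HMAC comparison; the 15-byte control vector from the patch ends before a message id can be read.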
From: Frank L. <fr...@li...> - 2025-07-22 10:30:21
|
Pin dependencies chore(deps): update lukka/get-cmake action to v4 chore(deps): update vcpkg digest to f33cc49 Change-Id: I46177b0614ad8b167a421c50d3cc8e7da4054e42 Signed-off-by: Frank Lichtenheld <fr...@li...> Acked-by: Yuriy Darnobyt <yur...@gm...> --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to release/2.6. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1080 This mail reflects revision 2 of this Change. Acked-by according to Gerrit (reflected above): Yuriy Darnobyt <yur...@gm...> diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 22b7aca..65d5fd4 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -51,11 +51,11 @@ - name: Checkout OpenVPN uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: lukka/get-cmake@56d043d188c3612951d8755da8f4b709ec951ad6 # v3.31.6 + - uses: lukka/get-cmake@6b3e96a9bc9976b8b546346fdd102effedae0ca8 # v4.0.3 - name: Restore from cache and install vcpkg uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5 with: - vcpkgGitCommitId: acd5bba5aac8b6573b5f6f463dc0341ac0ee6fa4 + vcpkgGitCommitId: f33cc491c85a7d643c5ab6da1667c1458e6d7abf vcpkgJsonGlob: '**/mingw/vcpkg.json' - name: Run CMake with vcpkg.json manifest @@ -92,7 +92,7 @@ name: "mingw unittest ${{ matrix.test }} - ${{ matrix.arch }} - OSSL" steps: - name: Retrieve mingw unittest - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 with: name: openvpn-mingw-${{ matrix.arch }}-tests path: unittests 
@@ -227,7 +227,7 @@ runs-on: windows-latest steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: lukka/get-cmake@56d043d188c3612951d8755da8f4b709ec951ad6 # v3.31.6 + - uses: lukka/get-cmake@6b3e96a9bc9976b8b546346fdd102effedae0ca8 # v4.0.3 - name: Install rst2html run: python -m pip install --upgrade pip docutils @@ -235,7 +235,7 @@ - name: Restore artifacts, or setup vcpkg (do not install any package) uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5 with: - vcpkgGitCommitId: acd5bba5aac8b6573b5f6f463dc0341ac0ee6fa4 + vcpkgGitCommitId: f33cc491c85a7d643c5ab6da1667c1458e6d7abf vcpkgJsonGlob: '**/windows/vcpkg.json' - name: Run CMake with vcpkg.json manifest (NO TESTS) diff --git a/.github/workflows/coverity-scan.yml b/.github/workflows/coverity-scan.yml index 7998632d6..1a9e5a3 100644 --- a/.github/workflows/coverity-scan.yml +++ b/.github/workflows/coverity-scan.yml @@ -25,7 +25,7 @@ - name: Checkout OpenVPN if: steps.check_submit.outputs.cache-hit != 'true' - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Download Coverity Build Tool if: steps.check_submit.outputs.cache-hit != 'true' |
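Review bot: In the coverity-scan.yml hunk the newly pinned `actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683` is annotated `# v4`, while build.yaml in the same patch annotates the identical SHA as `# v4.2.2`. The comment is the only human-readable record of which release the SHA corresponds to, so please make it `# v4.2.2` here as well; that also keeps the two files consistent for whoever reviews the next automated bump.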
From: Frank L. <fr...@li...> - 2025-07-22 10:29:37
|
chore(deps): update dependency aws/aws-lc to v1.55.0 chore(deps): update lukka/get-cmake action to v4.0.3 chore(deps): update vcpkg digest to f33cc49 chore(deps): update dependency mbed-tls/mbedtls to v3.6.4 Change-Id: I6122225cc12c4f299a2a48db24bc7379ac6c5921 Signed-off-by: Frank Lichtenheld <fr...@li...> Acked-by: Yuriy Darnobyt <yur...@gm...> --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1079 This mail reflects revision 5 of this Change. Acked-by according to Gerrit (reflected above): Yuriy Darnobyt <yur...@gm...> diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index d4fdc9d..bd5895b 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -54,11 +54,11 @@ steps: - name: Checkout OpenVPN uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: lukka/get-cmake@57c20a23a6cac5b90f31864439996e5b206df9dc # v4.0.1 + - uses: lukka/get-cmake@6b3e96a9bc9976b8b546346fdd102effedae0ca8 # v4.0.3 - name: Install vcpkg uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5 with: - vcpkgGitCommitId: b12aa38a44a29bd8461404f2514e4c7cf00e1fc5 + vcpkgGitCommitId: f33cc491c85a7d643c5ab6da1667c1458e6d7abf - name: Install dependencies run: ${VCPKG_ROOT}/vcpkg install openssl lz4 cmocka - name: configure OpenVPN with cmake 
@@ -88,11 +88,11 @@ - name: Checkout OpenVPN uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: lukka/get-cmake@57c20a23a6cac5b90f31864439996e5b206df9dc # v4.0.1 + - uses: lukka/get-cmake@6b3e96a9bc9976b8b546346fdd102effedae0ca8 # v4.0.3 - name: Restore from cache and install vcpkg uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5 with: - vcpkgGitCommitId: b12aa38a44a29bd8461404f2514e4c7cf00e1fc5 + vcpkgGitCommitId: f33cc491c85a7d643c5ab6da1667c1458e6d7abf vcpkgJsonGlob: '**/mingw/vcpkg.json' - name: Run CMake with vcpkg.json manifest @@ -276,7 +276,7 @@ runs-on: windows-latest steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: lukka/get-cmake@57c20a23a6cac5b90f31864439996e5b206df9dc # v4.0.1 + - uses: lukka/get-cmake@6b3e96a9bc9976b8b546346fdd102effedae0ca8 # v4.0.3 - name: Install rst2html run: python -m pip install --upgrade pip docutils @@ -284,7 +284,7 @@ - name: Restore artifacts, or setup vcpkg (do not install any package) uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5 with: - vcpkgGitCommitId: b12aa38a44a29bd8461404f2514e4c7cf00e1fc5 + vcpkgGitCommitId: f33cc491c85a7d643c5ab6da1667c1458e6d7abf vcpkgJsonGlob: '**/windows/vcpkg.json' - name: Run CMake with vcpkg.json manifest (NO TESTS) @@ -413,7 +413,7 @@ submodules: true # versioning=semver-coerced repository: Mbed-TLS/mbedtls - ref: v3.6.3 + ref: v3.6.4 - name: "mbedtls: make no_test" run: make -j3 no_test SHARED=1 working-directory: mbedtls @@ -471,8 +471,8 @@ path: aws-lc # versioning=semver-coerced repository: aws/aws-lc - ref: v1.51.2 - - uses: lukka/get-cmake@57c20a23a6cac5b90f31864439996e5b206df9dc # v4.0.1 + ref: v1.55.0 + - uses: lukka/get-cmake@6b3e96a9bc9976b8b546346fdd102effedae0ca8 # v4.0.3 - name: "AWS-LC: build" run: | mkdir build |
From: flichtenheld (C. Review) <ge...@op...> - 2025-07-22 10:26:35
|
Attention is currently required from: flichtenheld, plaisthos. Hello plaisthos, uddr, I'd like you to reexamine a change. Please visit http://gerrit.openvpn.net/c/openvpn/+/1080?usp=email to look at the new patch set (#2). The change is no longer submittable: checks~ChecksSubmitRule is unsatisfied now. Change subject: GHA: Update dependencies July 2025 (2.6) ...................................................................... GHA: Update dependencies July 2025 (2.6) Pin dependencies chore(deps): update lukka/get-cmake action to v4 chore(deps): update vcpkg digest to f33cc49 Change-Id: I46177b0614ad8b167a421c50d3cc8e7da4054e42 Signed-off-by: Frank Lichtenheld <fr...@li...> --- M .github/workflows/build.yaml M .github/workflows/coverity-scan.yml 2 files changed, 6 insertions(+), 6 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/80/1080/2 diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 22b7aca..65d5fd4 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -51,11 +51,11 @@ - name: Checkout OpenVPN uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: lukka/get-cmake@56d043d188c3612951d8755da8f4b709ec951ad6 # v3.31.6 + - uses: lukka/get-cmake@6b3e96a9bc9976b8b546346fdd102effedae0ca8 # v4.0.3 - name: Restore from cache and install vcpkg uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5 with: - vcpkgGitCommitId: acd5bba5aac8b6573b5f6f463dc0341ac0ee6fa4 + vcpkgGitCommitId: f33cc491c85a7d643c5ab6da1667c1458e6d7abf vcpkgJsonGlob: '**/mingw/vcpkg.json' - name: Run CMake with vcpkg.json manifest 
@@ -92,7 +92,7 @@ name: "mingw unittest ${{ matrix.test }} - ${{ matrix.arch }} - OSSL" steps: - name: Retrieve mingw unittest - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 with: name: openvpn-mingw-${{ matrix.arch }}-tests path: unittests @@ -227,7 +227,7 @@ runs-on: windows-latest steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: lukka/get-cmake@56d043d188c3612951d8755da8f4b709ec951ad6 # v3.31.6 + - uses: lukka/get-cmake@6b3e96a9bc9976b8b546346fdd102effedae0ca8 # v4.0.3 - name: Install rst2html run: python -m pip install --upgrade pip docutils @@ -235,7 +235,7 @@ - name: Restore artifacts, or setup vcpkg (do not install any package) uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5 with: - vcpkgGitCommitId: acd5bba5aac8b6573b5f6f463dc0341ac0ee6fa4 + vcpkgGitCommitId: f33cc491c85a7d643c5ab6da1667c1458e6d7abf vcpkgJsonGlob: '**/windows/vcpkg.json' - name: Run CMake with vcpkg.json manifest (NO TESTS) diff --git a/.github/workflows/coverity-scan.yml b/.github/workflows/coverity-scan.yml index 7998632d6..1a9e5a3 100644 --- a/.github/workflows/coverity-scan.yml +++ b/.github/workflows/coverity-scan.yml 
@@ -25,7 +25,7 @@ - name: Checkout OpenVPN if: steps.check_submit.outputs.cache-hit != 'true' - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Download Coverity Build Tool if: steps.check_submit.outputs.cache-hit != 'true' -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1080?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: release/2.6 Gerrit-Change-Id: I46177b0614ad8b167a421c50d3cc8e7da4054e42 Gerrit-Change-Number: 1080 Gerrit-PatchSet: 2 Gerrit-Owner: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-Reviewer: uddr <yur...@gm...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-MessageType: newpatchset |
From: flichtenheld (C. Review) <ge...@op...> - 2025-07-22 10:25:34
|
Attention is currently required from: flichtenheld, plaisthos. Hello plaisthos, uddr, I'd like you to reexamine a change. Please visit http://gerrit.openvpn.net/c/openvpn/+/1079?usp=email to look at the new patch set (#5). The change is no longer submittable: checks~ChecksSubmitRule is unsatisfied now. Change subject: GHA: Dependency updates July 2025 ...................................................................... GHA: Dependency updates July 2025 chore(deps): update dependency aws/aws-lc to v1.55.0 chore(deps): update lukka/get-cmake action to v4.0.3 chore(deps): update vcpkg digest to f33cc49 chore(deps): update dependency mbed-tls/mbedtls to v3.6.4 Change-Id: I6122225cc12c4f299a2a48db24bc7379ac6c5921 Signed-off-by: Frank Lichtenheld <fr...@li...> --- M .github/workflows/build.yaml 1 file changed, 9 insertions(+), 9 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/79/1079/5 diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index d4fdc9d..bd5895b 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -54,11 +54,11 @@ steps: - name: Checkout OpenVPN uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: lukka/get-cmake@57c20a23a6cac5b90f31864439996e5b206df9dc # v4.0.1 + - uses: lukka/get-cmake@6b3e96a9bc9976b8b546346fdd102effedae0ca8 # v4.0.3 - name: Install vcpkg uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5 with: - vcpkgGitCommitId: b12aa38a44a29bd8461404f2514e4c7cf00e1fc5 + vcpkgGitCommitId: f33cc491c85a7d643c5ab6da1667c1458e6d7abf - name: Install dependencies run: ${VCPKG_ROOT}/vcpkg install openssl lz4 cmocka - name: configure OpenVPN with cmake 
@@ -88,11 +88,11 @@ - name: Checkout OpenVPN uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: lukka/get-cmake@57c20a23a6cac5b90f31864439996e5b206df9dc # v4.0.1 + - uses: lukka/get-cmake@6b3e96a9bc9976b8b546346fdd102effedae0ca8 # v4.0.3 - name: Restore from cache and install vcpkg uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5 with: - vcpkgGitCommitId: b12aa38a44a29bd8461404f2514e4c7cf00e1fc5 + vcpkgGitCommitId: f33cc491c85a7d643c5ab6da1667c1458e6d7abf vcpkgJsonGlob: '**/mingw/vcpkg.json' - name: Run CMake with vcpkg.json manifest @@ -276,7 +276,7 @@ runs-on: windows-latest steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: lukka/get-cmake@57c20a23a6cac5b90f31864439996e5b206df9dc # v4.0.1 + - uses: lukka/get-cmake@6b3e96a9bc9976b8b546346fdd102effedae0ca8 # v4.0.3 - name: Install rst2html run: python -m pip install --upgrade pip docutils @@ -284,7 +284,7 @@ - name: Restore artifacts, or setup vcpkg (do not install any package) uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5 with: - vcpkgGitCommitId: b12aa38a44a29bd8461404f2514e4c7cf00e1fc5 + vcpkgGitCommitId: f33cc491c85a7d643c5ab6da1667c1458e6d7abf vcpkgJsonGlob: '**/windows/vcpkg.json' - name: Run CMake with vcpkg.json manifest (NO TESTS) @@ -413,7 +413,7 @@ submodules: true # versioning=semver-coerced repository: Mbed-TLS/mbedtls - ref: v3.6.3 + ref: v3.6.4 - name: "mbedtls: make no_test" run: make -j3 no_test SHARED=1 working-directory: mbedtls 
@@ -471,8 +471,8 @@ path: aws-lc # versioning=semver-coerced repository: aws/aws-lc - ref: v1.51.2 - - uses: lukka/get-cmake@57c20a23a6cac5b90f31864439996e5b206df9dc # v4.0.1 + ref: v1.55.0 + - uses: lukka/get-cmake@6b3e96a9bc9976b8b546346fdd102effedae0ca8 # v4.0.3 - name: "AWS-LC: build" run: | mkdir build -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1079?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I6122225cc12c4f299a2a48db24bc7379ac6c5921 Gerrit-Change-Number: 1079 Gerrit-PatchSet: 5 Gerrit-Owner: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-Reviewer: uddr <yur...@gm...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-MessageType: newpatchset |
From: flichtenheld (C. Review) <ge...@op...> - 2025-07-22 10:25:23
|
Attention is currently required from: flichtenheld, plaisthos. Hello plaisthos, uddr, I'd like you to reexamine a change. Please visit http://gerrit.openvpn.net/c/openvpn/+/1079?usp=email to look at the new patch set (#4). The change is no longer submittable: checks~ChecksSubmitRule is unsatisfied now. Change subject: GHA: Dependency updates July 2025 ...................................................................... GHA: Dependency updates July 2025 chore(deps): update dependency aws/aws-lc to v1.55.0 chore(deps): update lukka/get-cmake action to v4.0.3 chore(deps): update vcpkg digest to f33cc49 chore(deps): update dependency mbed-tls/mbedtls to v3.6.4 Change-Id: I6122225cc12c4f299a2a48db24bc7379ac6c5921 Signed-off-by: Frank Lichtenheld <fr...@li...> --- M .github/workflows/build.yaml 1 file changed, 9 insertions(+), 9 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/79/1079/4 diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index d4fdc9d..bd5895b 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -54,11 +54,11 @@ steps: - name: Checkout OpenVPN uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: lukka/get-cmake@57c20a23a6cac5b90f31864439996e5b206df9dc # v4.0.1 + - uses: lukka/get-cmake@6b3e96a9bc9976b8b546346fdd102effedae0ca8 # v4.0.3 - name: Install vcpkg uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5 with: - vcpkgGitCommitId: b12aa38a44a29bd8461404f2514e4c7cf00e1fc5 + vcpkgGitCommitId: f33cc491c85a7d643c5ab6da1667c1458e6d7abf - name: Install dependencies run: ${VCPKG_ROOT}/vcpkg install openssl lz4 cmocka - name: configure OpenVPN with cmake 
@@ -88,11 +88,11 @@ - name: Checkout OpenVPN uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: lukka/get-cmake@57c20a23a6cac5b90f31864439996e5b206df9dc # v4.0.1 + - uses: lukka/get-cmake@6b3e96a9bc9976b8b546346fdd102effedae0ca8 # v4.0.3 - name: Restore from cache and install vcpkg uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5 with: - vcpkgGitCommitId: b12aa38a44a29bd8461404f2514e4c7cf00e1fc5 + vcpkgGitCommitId: f33cc491c85a7d643c5ab6da1667c1458e6d7abf vcpkgJsonGlob: '**/mingw/vcpkg.json' - name: Run CMake with vcpkg.json manifest @@ -276,7 +276,7 @@ runs-on: windows-latest steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: lukka/get-cmake@57c20a23a6cac5b90f31864439996e5b206df9dc # v4.0.1 + - uses: lukka/get-cmake@6b3e96a9bc9976b8b546346fdd102effedae0ca8 # v4.0.3 - name: Install rst2html run: python -m pip install --upgrade pip docutils @@ -284,7 +284,7 @@ - name: Restore artifacts, or setup vcpkg (do not install any package) uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5 with: - vcpkgGitCommitId: b12aa38a44a29bd8461404f2514e4c7cf00e1fc5 + vcpkgGitCommitId: f33cc491c85a7d643c5ab6da1667c1458e6d7abf vcpkgJsonGlob: '**/windows/vcpkg.json' - name: Run CMake with vcpkg.json manifest (NO TESTS) @@ -413,7 +413,7 @@ submodules: true # versioning=semver-coerced repository: Mbed-TLS/mbedtls - ref: v3.6.3 + ref: v3.6.4 - name: "mbedtls: make no_test" run: make -j3 no_test SHARED=1 working-directory: mbedtls 
@@ -471,8 +471,8 @@ path: aws-lc # versioning=semver-coerced repository: aws/aws-lc - ref: v1.51.2 - - uses: lukka/get-cmake@57c20a23a6cac5b90f31864439996e5b206df9dc # v4.0.1 + ref: v1.55.0 + - uses: lukka/get-cmake@6b3e96a9bc9976b8b546346fdd102effedae0ca8 # v4.0.3 - name: "AWS-LC: build" run: | mkdir build -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1079?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I6122225cc12c4f299a2a48db24bc7379ac6c5921 Gerrit-Change-Number: 1079 Gerrit-PatchSet: 4 Gerrit-Owner: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-Reviewer: uddr <yur...@gm...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-MessageType: newpatchset |
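Review bot: The same `vcpkgGitCommitId: f33cc491c85a7d643c5ab6da1667c1458e6d7abf` value is edited in three separate `lukka/run-vcpkg` steps (hunks at -54, -88 and -284), so a future bump that misses one of them would leave that job building against a different vcpkg baseline without any error. Consider defining the commit once as a workflow-level `env` value and referencing it from each `with:` block, provided the tooling that generates these updates can still track a single definition. The `lukka/get-cmake` SHA is likewise repeated in four steps (hunks at -54, -88, -276 and -471); it is worth confirming on each bump that every occurrence carries the same SHA and `# v4.0.3` comment, as they do here.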
From: uddr (C. Review) <ge...@op...> - 2025-07-22 10:20:16
|
Attention is currently required from: flichtenheld, plaisthos.

uddr has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1079?usp=email )

Change subject: GHA: Dependency updates July 2025
......................................................................

Patch Set 3: Code-Review+2

--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1079?usp=email
To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I6122225cc12c4f299a2a48db24bc7379ac6c5921
Gerrit-Change-Number: 1079
Gerrit-PatchSet: 3
Gerrit-Owner: flichtenheld <fr...@li...>
Gerrit-Reviewer: plaisthos <arn...@rf...>
Gerrit-Reviewer: uddr <yur...@gm...>
Gerrit-CC: openvpn-devel <ope...@li...>
Gerrit-Attention: plaisthos <arn...@rf...>
Gerrit-Attention: flichtenheld <fr...@li...>
Gerrit-Comment-Date: Tue, 22 Jul 2025 10:20:02 +0000
Gerrit-HasComments: No
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment
|