From: d12fk (C. Review) <ge...@op...> - 2025-06-13 04:04:59
|
Attention is currently required from: flichtenheld, plaisthos. Hello plaisthos, flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/1061?usp=email to review the following change. Change subject: fix typo in haikuos dns-updown script ...................................................................... fix typo in haikuos dns-updown script Change-Id: I48cec222d46c67e6620281cd8b2346323b546fcd Signed-off-by: Heiko Hund <he...@is...> --- M distro/dns-scripts/haikuos_file-dns-updown.sh 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/61/1061/1 diff --git a/distro/dns-scripts/haikuos_file-dns-updown.sh b/distro/dns-scripts/haikuos_file-dns-updown.sh index 777b72d..6da0954 100644 --- a/distro/dns-scripts/haikuos_file-dns-updown.sh +++ b/distro/dns-scripts/haikuos_file-dns-updown.sh @@ -28,7 +28,7 @@ set -e +u -conly_standard_server_ports() { +only_standard_server_ports() { i=1 while true; do eval addr=\"\$dns_server_${n}_address_${i}\" -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1061?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I48cec222d46c67e6620281cd8b2346323b546fcd Gerrit-Change-Number: 1061 Gerrit-PatchSet: 1 Gerrit-Owner: d12fk <he...@op...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-MessageType: newchange |
From: d12fk (C. Review) <ge...@op...> - 2025-06-13 04:04:52
|
Attention is currently required from: flichtenheld, plaisthos. Hello plaisthos, flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/1062?usp=email to review the following change. Change subject: dns: add updown script for macOS ...................................................................... dns: add updown script for macOS Change-Id: Iade06a8454ccf53668deef61f07217ead8ec6c63 Signed-off-by: Heiko Hund <he...@is...> --- M configure.ac M distro/dns-scripts/Makefile.am A distro/dns-scripts/macos-dns-updown.sh 3 files changed, 218 insertions(+), 2 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/62/1062/1 diff --git a/configure.ac b/configure.ac index 8bdec32..02b45f8 100644 --- a/configure.ac +++ b/configure.ac @@ -364,8 +364,7 @@ *-*-darwin*) AC_DEFINE([TARGET_DARWIN], [1], [Are we running on Mac OS X?]) AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["M"], [Target prefix]) - AM_CONDITIONAL([ENABLE_DNS_UPDOWN], [false]) - AC_SUBST([DNS_UPDOWN_TYPE], ["resolvconf_file"]) + AC_SUBST([DNS_UPDOWN_TYPE], ["macos"]) have_tap_header="yes" ac_cv_type_struct_in_pktinfo=no ;; diff --git a/distro/dns-scripts/Makefile.am b/distro/dns-scripts/Makefile.am index 9fcd3f7..e3f9043 100644 --- a/distro/dns-scripts/Makefile.am +++ b/distro/dns-scripts/Makefile.am @@ -12,6 +12,7 @@ $(srcdir)/Makefile.in EXTRA_DIST = \ + macos-dns-updown.sh \ systemd-dns-updown.sh \ openresolv-dns-updown.sh \ haikuos_file-dns-updown.sh \ diff --git a/distro/dns-scripts/macos-dns-updown.sh b/distro/dns-scripts/macos-dns-updown.sh new file mode 100644 index 0000000..6ffb8de --- /dev/null +++ b/distro/dns-scripts/macos-dns-updown.sh 
@@ -0,0 +1,216 @@ +#!/bin/bash +# +# dns-updown - add/remove openvpn provided DNS information +# +# (C) Copyright 2025 OpenVPN Inc <sa...@op...> +# +# SPDX-License-Identifier: BSD-2-Clause +# +# Example env from openvpn (most are not applied): +# +# dns_vars_file /tmp/openvpn_dvf_58b95c0c97b2db43afb5d745f986c53c.tmp +# +# or +# +# dev utun0 +# script_type dns-up +# dns_search_domain_1 mycorp.in +# dns_search_domain_2 eu.mycorp.com +# dns_server_1_address_1 192.168.99.254 +# dns_server_1_address_2 fd00::99:53 +# dns_server_1_port_2 53 +# dns_server_1_resolve_domain_1 mycorp.in +# dns_server_1_resolve_domain_2 eu.mycorp.com +# dns_server_1_dnssec true +# dns_server_1_transport DoH +# dns_server_1_sni dns.mycorp.in +# + +[ -z "${dns_vars_file}" ] || . "${dns_vars_file}" + +itf_dns_key="State:/Network/Service/openvpn-${dev}/DNS" +dns_backup_key="State:/Network/Service/openvpn-${dev}/DnsBackup" + +function primary_dns_key { + local uuid=$(echo "show State:/Network/Global/IPv4" | /usr/sbin/scutil | grep "PrimaryService" | cut -d: -f2 | xargs) + echo "State:/Network/Service/${uuid}/DNS" +} + +function only_standard_server_ports { + local i=1 + while :; do + local addr_var=dns_server_${n}_address_${i} + [ -n "${!addr_var}" ] || return 0 + + local port_var=dns_server_${n}_port_${i} + [ -z "${!port_var}" -o "${!port_var}" = "53" ] || return 1 + + i=$((i+1)) + done +} + +function find_compat_profile { + local n=1 + while :; do + local addr_var=dns_server_${n}_address_1 + [ -n "${!addr_var}" ] || { + echo "setting DNS failed, no compatible server profile" + exit 1 + } + + # Skip server profiles which require DNSSEC, + # secure transport or use a custom port + local dnssec_var=dns_server_${n}_dnssec + local transport_var=dns_server_${n}_transport + [ -z "${!transport_var}" -o "${!transport_var}" = "plain" ] \ + && [ -z "${!dnssec_var}" -o "${!dnssec_var}" = "no" ] \ + && only_standard_server_ports && break + + n=$((n+1)) + done + return $n +} + +function get_search_domains { + 
local search_domains="" + local resolver=0 + /usr/sbin/scutil --dns | while read line; do + if [[ "$line" =~ resolver.# ]]; then + resolver=$((resolver+1)) + elif [ "$resolver" = 1 ] && [[ "$line" =~ search.domain ]]; then + search_domains+="$(echo $line | cut -d: -f2 | xargs) " + elif [ "$resolver" -gt 1 ]; then + echo "$search_domains" + break + fi + done +} + +function set_search_domains { + [ -n "$1" ] || return + dns_key=$(primary_dns_key) + search_domains="${1}$(get_search_domains)" + + local cmds="" + cmds+="get ${dns_key}\n" + cmds+="d.add SearchDomains * ${search_domains}\n" + cmds+="set ${dns_key}\n" + echo -e "${cmds}" | /usr/sbin/scutil +} + +function unset_search_domains { + [ -n "$1" ] || return + dns_key=$(primary_dns_key) + search_domains="$(get_search_domains)" + search_domains=$(echo $search_domains | sed -e "s/$1//") + + local cmds="" + cmds+="get ${dns_key}\n" + cmds+="d.add SearchDomains * ${search_domains}\n" + cmds+="set ${dns_key}\n" + echo -e "${cmds}" | /usr/sbin/scutil +} + +function set_dns { + find_compat_profile + local n=$? 
+ + local i=1 + local addrs="" + while :; do + local addr_var=dns_server_${n}_address_${i} + local addr="${!addr_var}" + [ -n "$addr" ] || break + + local port_var=dns_server_${n}_port_${i} + if [ -n "${!port_var}" ]; then + if [[ "$addr" =~ : ]]; then + addr="[$addr]" + fi + addrs+="${addr}:${!port_var}${sni} " + else + addrs+="${addr}${sni} " + fi + i=$((i+1)) + done + + i=1 + local match_domains="" + while :; do + domain_var=dns_server_${n}_resolve_domain_${i} + [ -n "${!domain_var}" ] || break + # Add as match domain, if it doesn't already exist + [[ "$match_domains" =~ (^| )${!domain_var}( |$) ]] \ + || match_domains+="${!domain_var} " + i=$((i+1)) + done + + i=1 + local search_domains="" + while :; do + domain_var=dns_search_domain_${i} + [ -n "${!domain_var}" ] || break + # Add as search domain, if it doesn't already exist + [[ "$search_domains" =~ (^| )${!domain_var}( |$) ]] \ + || search_domains+="${!domain_var} " + i=$((i+1)) + done + + if [ -n "$match_domains" ]; then + local cmds="" + cmds+="d.init\n" + cmds+="d.add ServerAddresses * ${addrs}\n" + cmds+="d.add SupplementalMatchDomains * ${match_domains}\n" + cmds+="d.add SupplementalMatchDomainsNoSearch # 1\n" + cmds+="add ${itf_dns_key}\n" + echo -e "${cmds}" | /usr/sbin/scutil + set_search_domains "$search_domains" + else + local cmds="" + cmds+="get $(primary_dns_key)\n" + cmds+="set ${dns_backup_key}\n" + cmds+="d.init\n" + cmds+="d.add ServerAddresses * ${addrs}\n" + cmds+="d.add SearchDomains * ${search_domains}\n" + cmds+="set $(primary_dns_key)\n" + echo -e "${cmds}" | /usr/sbin/scutil + fi + + /usr/bin/dscacheutil -flushcache +} + +function unset_dns { + find_compat_profile + local n=$? 
+ + local i=1 + local search_domains="" + while :; do + domain_var=dns_search_domain_${i} + [ -n "${!domain_var}" ] || break + # Add as search domain, if it doesn't already exist + [[ "$search_domains" =~ (^| )${!domain_var}( |$) ]] \ + || search_domains+="${!domain_var} " + i=$((i+1)) + done + + domain_var=dns_server_${n}_resolve_domain_1 + if [ -n "${!domain_var}" ]; then + echo "remove ${itf_dns_key}" | /usr/sbin/scutil + unset_search_domains "$search_domains" + else + local cmds="" + cmds+="get ${dns_backup_key}\n" + cmds+="set $(primary_dns_key)\n" + cmds+="remove ${dns_backup_key}\n" + echo -e "${cmds}" | /usr/sbin/scutil + fi + + /usr/bin/dscacheutil -flushcache +} + +if [ "$script_type" = "dns-up" ]; then + set_dns +else + unset_dns +fi -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1062?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Iade06a8454ccf53668deef61f07217ead8ec6c63 Gerrit-Change-Number: 1062 Gerrit-PatchSet: 1 Gerrit-Owner: d12fk <he...@op...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-MessageType: newchange |
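Review bot: in unset_search_domains, `sed -e "s/$1//"` uses the pushed search-domain list as an unescaped regular expression, so every dot matches any character and a value containing `/` breaks the expression; it also removes the list only when it appears as one contiguous run in the current value. Remove the entries one at a time with a fixed-string comparison instead. The same values are interpolated into `cmds` and sent through `echo -e` to scutil in set_search_domains and set_dns, where backslash escapes inside a domain would be expanded; `printf '%s\n'` per command avoids that. Two smaller points: `${sni}` is appended to `addrs` in set_dns but is never assigned anywhere in the script, and get_search_domains only echoes its result once a second `resolver #` block has been seen, so it prints nothing when `scutil --dns` reports a single resolver.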
From: Antonio Q. <a...@un...> - 2025-06-12 14:40:25
|
On 04/06/2025 15:11, Ralf Lici wrote:
> openvpn implements the `--mark` option, which utilizes the `SO_MARK`
> Linux socket option. However, in the UDP code path, the socket's
> `sk_mark` value is not currently propagated to `skb` objects that pass
> through our socket.
>
> This commit ensures proper inheritance of the field by assigning
> `sk_mark` to `skb->mark` before handing the `skb` to the network stack
> for transmission.
>
> Signed-off-by: Ralf Lici <ra...@ma...>

Well done! This patch has been merged to the development branch.

Thanks

--
Antonio Quartulli |
From: Johan D. <jo...@op...> - 2025-06-11 13:37:04
|
Meeting summary for 11 June 2025:

* *Updated: Changes to community pages on main website*
  Company is finetuning new design together with lev, ordex, and novaflash. Expected to be published in the next few weeks. Rough idea (not updated with latest adjustments) is visible here: https://crashed.computer/new.png
* *Updated: forums situation*
  The current forums are not maintained, not working well, and flooded with spam. We have a contributor (minx) with web development experience willing to set up something new, but migrate the old forum contents. To the question where the instance should be hosted, community indicates it should be under the community AWS infrastructure. To the question what authentication system should be used, community indicates it should just be the built-in system from the forum solution itself.
* *New: (embargo) security issue*
  CVE to be registered yet. We'll do just an updated build for 2.6 to address this issue. And 2.7 can get an alpha-2 release that includes the fix for this issue. Estimated delivery date 18 June 2025.
* *Updated: Release 2.7*
  OpenVPN 2.7 alpha2 expected 18 June 2025 (includes embargoed security issue fix). For the DNS related changes, the macOS DNS script and the compatibility code is yet to be merged. For the DCO related changes, Windows server support is done, epoch data keys being worked on in both Linux and Windows. For the live route updates changes, it is likely that this will not make it into 2.7.
* *Updated OpenVPN community meetup 2025*
  https://community.openvpn.net/openvpn/wiki/CommunityMeetup2025
  When: weekend of 25 and 26 October. Where: Napoli, Italy. Meeting room: giaan found a location, pricing to be determined/approved. Hotel: giaan will take a look into this. Beer: yes. T-shirts: yes.

As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time.

Kind regards,
Johan Draaisma |
From: mattock (C. Review) <ge...@op...> - 2025-06-10 15:47:59
|
Attention is currently required from: cron2, flichtenheld, plaisthos. Hello flichtenheld, plaisthos, I'd like you to reexamine a change. Please visit http://gerrit.openvpn.net/c/openvpn/+/1024?usp=email to look at the new patch set (#3). Change subject: t_server_null: print error when server startup fails ...................................................................... t_server_null: print error when server startup fails Use "&" to background so that the exit code and all output can be obtained in all failure cases. Change-Id: I39dc6b08952a06dae7901e468f9487c8541d83c3 Signed-off-by: Samuli Seppänen <sam...@gm...> --- M tests/t_server_null_default.rc M tests/t_server_null_server.sh 2 files changed, 13 insertions(+), 15 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/24/1024/3 diff --git a/tests/t_server_null_default.rc b/tests/t_server_null_default.rc index 5b74761..1f2fa2c 100755 --- a/tests/t_server_null_default.rc +++ b/tests/t_server_null_default.rc @@ -38,7 +38,7 @@ MAX_CLIENTS="10" CLIENT_MATCH="Test-Client" SERVER_EXEC="${top_builddir}/src/openvpn/openvpn" -SERVER_BASE_OPTS="--daemon --dev tun --topology subnet --max-clients $MAX_CLIENTS --persist-tun --verb 3 --duplicate-cn" +SERVER_BASE_OPTS="--dev tun --topology subnet --max-clients $MAX_CLIENTS --persist-tun --verb 3 --duplicate-cn" SERVER_BIND_OPTS="--local 127.0.0.1" SERVER_CIPHER_OPTS="" SERVER_CERT_OPTS="--ca ${CA} --dh ${DH} --cert ${SERVER_CERT} --key ${SERVER_KEY} --tls-auth ${TA} 0" diff --git a/tests/t_server_null_server.sh b/tests/t_server_null_server.sh index acf8479..65b7d56 100755 --- a/tests/t_server_null_server.sh +++ b/tests/t_server_null_server.sh 
@@ -11,20 +11,18 @@ # Allow reading this file even umask values are strict touch "$log" - if [ -z "${RUN_SUDO}" ]; then - "${server_exec}" \ - $server_conf \ - --status "${status}" 1 \ - --log "${log}" \ - --writepid "${pid}" \ - --explicit-exit-notify 3 - else - $RUN_SUDO "${server_exec}" \ - $server_conf \ - --status "${status}" 1 \ - --log "${log}" \ - --writepid "${pid}" \ - --explicit-exit-notify 3 + # Try to launch the server + $RUN_SUDO "${server_exec}" \ + $server_conf \ + --status "${status}" 1 \ + --writepid "${pid}" \ + --explicit-exit-notify 3 > "$log" 2>&1 & + + sleep 1 + + if ! [ -r "$pid" ] || [ -z "$pid" ]; then + echo "ERROR: failed to start server $server_name" + tail -n 20 "$log" fi } -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1024?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I39dc6b08952a06dae7901e468f9487c8541d83c3 Gerrit-Change-Number: 1024 Gerrit-PatchSet: 3 Gerrit-Owner: mattock <sa...@pr...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: cron2 <ge...@gr...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: cron2 <ge...@gr...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-MessageType: newpatchset |
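Review bot: in the new startup check in t_server_null_server.sh, `[ -z "$pid" ]` tests whether the variable holding the pid-file path is empty, not whether the file is, so a pid file that exists but is empty still counts as a successful start. `[ -s "$pid" ]` covers both "missing" and "empty" in a single test. The fixed `sleep 1` is also the only synchronisation with the backgrounded server, so a slow start is reported as a failure; polling for the pid file with a timeout would be more robust. The failure branch ends at `fi` without a non-zero return, so callers cannot tell that startup failed.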
From: mattock (C. Review) <ge...@op...> - 2025-06-10 15:18:30
|
Attention is currently required from: cron2, flichtenheld, plaisthos. Hello flichtenheld, plaisthos, I'd like you to reexamine a change. Please visit http://gerrit.openvpn.net/c/openvpn/+/1024?usp=email to look at the new patch set (#2). The following approvals got outdated and were removed: Code-Review-1 by flichtenheld Change subject: t_server_null: print error when server startup fails ...................................................................... t_server_null: print error when server startup fails The --daemon option has to be at the end of the command-line. Moreover, if a pid-file is not found or is empty, launch a new server instance without --log or --daemon so that the error message is printed properly. Change-Id: I39dc6b08952a06dae7901e468f9487c8541d83c3 Signed-off-by: Samuli Seppänen <sam...@gm...> --- M tests/t_server_null_default.rc M tests/t_server_null_server.sh 2 files changed, 13 insertions(+), 15 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/24/1024/2 diff --git a/tests/t_server_null_default.rc b/tests/t_server_null_default.rc index 5b74761..1f2fa2c 100755 --- a/tests/t_server_null_default.rc +++ b/tests/t_server_null_default.rc @@ -38,7 +38,7 @@ MAX_CLIENTS="10" CLIENT_MATCH="Test-Client" SERVER_EXEC="${top_builddir}/src/openvpn/openvpn" -SERVER_BASE_OPTS="--daemon --dev tun --topology subnet --max-clients $MAX_CLIENTS --persist-tun --verb 3 --duplicate-cn" +SERVER_BASE_OPTS="--dev tun --topology subnet --max-clients $MAX_CLIENTS --persist-tun --verb 3 --duplicate-cn" SERVER_BIND_OPTS="--local 127.0.0.1" SERVER_CIPHER_OPTS="" SERVER_CERT_OPTS="--ca ${CA} --dh ${DH} --cert ${SERVER_CERT} --key ${SERVER_KEY} --tls-auth ${TA} 0" diff --git a/tests/t_server_null_server.sh b/tests/t_server_null_server.sh index acf8479..716a9e5 100755 --- a/tests/t_server_null_server.sh +++ b/tests/t_server_null_server.sh 
@@ -11,20 +11,18 @@ # Allow reading this file even umask values are strict touch "$log" - if [ -z "${RUN_SUDO}" ]; then - "${server_exec}" \ - $server_conf \ - --status "${status}" 1 \ - --log "${log}" \ - --writepid "${pid}" \ - --explicit-exit-notify 3 - else - $RUN_SUDO "${server_exec}" \ - $server_conf \ - --status "${status}" 1 \ - --log "${log}" \ - --writepid "${pid}" \ - --explicit-exit-notify 3 + # Try to launch the server + $RUN_SUDO "${server_exec}" \ + $server_conf \ + --status "${status}" 1 \ + --writepid "${pid}" \ + --explicit-exit-notify 3 > "$log" & + + sleep 1 + + if ! [ -r "$pid" ] || [ -z "$pid" ]; then + echo "ERROR: failed to start server $server_name" + tail -n 20 "$log" fi } -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1024?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I39dc6b08952a06dae7901e468f9487c8541d83c3 Gerrit-Change-Number: 1024 Gerrit-PatchSet: 2 Gerrit-Owner: mattock <sa...@pr...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: cron2 <ge...@gr...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: cron2 <ge...@gr...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-MessageType: newpatchset |
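Review bot: the launch in t_server_null_server.sh redirects only stdout (`> "$log" &`), so anything written to stderr bypasses the log and the `tail -n 20 "$log"` in the failure branch cannot show it; add `2>&1` before the `&`. The commit message also describes a different approach (--daemon at the end of the command line, then relaunching without --log or --daemon), while the diff drops --daemon from SERVER_BASE_OPTS and backgrounds the server with `&`; the message should be updated to match what the patch does.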
From: cron2 (C. Review) <ge...@op...> - 2025-06-09 17:46:38
|
cron2 has submitted this change. ( http://gerrit.openvpn.net/c/openvpn/+/1040?usp=email ) Change subject: dco_linux: enable extended netlink error reporting ...................................................................... dco_linux: enable extended netlink error reporting The ovpn netlink code reports more verbose error strings to help userspace understand what went wrong, rather than just returning, for example, -EINVAL. However, userspace must instruct the kernel netlink subsystem that it wants to receive such strings. code for parsing such strings has always been present but it was never used. Set the socket option which enables such reporting. Change-Id: I4457b1d7262e0a39c275d33aaef6c4bcbeae6ab3 Signed-off-by: Antonio Quartulli <an...@ma...> Acked-by: Gert Doering <ge...@gr...> Message-Id: <202...@gr...> URL: https://www.mail-archive.com/ope...@li.../msg31885.html Signed-off-by: Gert Doering <ge...@gr...> --- M src/openvpn/dco_linux.c 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c index 49dbdad..0345413 100644 --- a/src/openvpn/dco_linux.c +++ b/src/openvpn/dco_linux.c @@ -367,19 +367,19 @@ { len = strnlen((char *)nla_data(tb_msg[NLMSGERR_ATTR_MSG]), nla_len(tb_msg[NLMSGERR_ATTR_MSG])); - msg(M_WARN, "kernel error: %*s\n", len, + msg(M_WARN, "kernel error: %*s", len, (char *)nla_data(tb_msg[NLMSGERR_ATTR_MSG])); } if (tb_msg[OVPN_NLMSGERR_ATTR_MISS_NEST]) { - msg(M_WARN, "kernel error: missing required nesting type %u\n", + msg(M_WARN, "kernel error: missing required nesting type %u", nla_get_u32(tb_msg[OVPN_NLMSGERR_ATTR_MISS_NEST])); } if (tb_msg[OVPN_NLMSGERR_ATTR_MISS_TYPE]) { - msg(M_WARN, "kernel error: missing required attribute type %u\n", + msg(M_WARN, "kernel error: missing required attribute type %u", nla_get_u32(tb_msg[OVPN_NLMSGERR_ATTR_MISS_TYPE])); } 
@@ -405,6 +405,11 @@ nl_geterror(ret)); } + /* enable Extended ACK for detailed error reporting */ + ret = 1; + setsockopt(nl_socket_get_fd(dco->nl_sock), SOL_NETLINK, NETLINK_EXT_ACK, + &ret, sizeof(ret)); + /* set close on exec and non-block on the netlink socket */ set_cloexec(nl_socket_get_fd(dco->nl_sock)); set_nonblock(nl_socket_get_fd(dco->nl_sock)); -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1040?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I4457b1d7262e0a39c275d33aaef6c4bcbeae6ab3 Gerrit-Change-Number: 1040 Gerrit-PatchSet: 3 Gerrit-Owner: ordex <an...@ma...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-MessageType: merged |
From: cron2 (C. Review) <ge...@op...> - 2025-06-09 17:46:35
|
cron2 has uploaded a new patch set (#3) to the change originally created by ordex. ( http://gerrit.openvpn.net/c/openvpn/+/1040?usp=email ) The following approvals got outdated and were removed: Code-Review+2 by cron2 Change subject: dco_linux: enable extended netlink error reporting ...................................................................... dco_linux: enable extended netlink error reporting The ovpn netlink code reports more verbose error strings to help userspace understand what went wrong, rather than just returning, for example, -EINVAL. However, userspace must instruct the kernel netlink subsystem that it wants to receive such strings. code for parsing such strings has always been present but it was never used. Set the socket option which enables such reporting. Change-Id: I4457b1d7262e0a39c275d33aaef6c4bcbeae6ab3 Signed-off-by: Antonio Quartulli <an...@ma...> Acked-by: Gert Doering <ge...@gr...> Message-Id: <202...@gr...> URL: https://www.mail-archive.com/ope...@li.../msg31885.html Signed-off-by: Gert Doering <ge...@gr...> --- M src/openvpn/dco_linux.c 1 file changed, 8 insertions(+), 3 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/40/1040/3 diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c index 49dbdad..0345413 100644 --- a/src/openvpn/dco_linux.c +++ b/src/openvpn/dco_linux.c 
@@ -367,19 +367,19 @@ { len = strnlen((char *)nla_data(tb_msg[NLMSGERR_ATTR_MSG]), nla_len(tb_msg[NLMSGERR_ATTR_MSG])); - msg(M_WARN, "kernel error: %*s\n", len, + msg(M_WARN, "kernel error: %*s", len, (char *)nla_data(tb_msg[NLMSGERR_ATTR_MSG])); } if (tb_msg[OVPN_NLMSGERR_ATTR_MISS_NEST]) { - msg(M_WARN, "kernel error: missing required nesting type %u\n", + msg(M_WARN, "kernel error: missing required nesting type %u", nla_get_u32(tb_msg[OVPN_NLMSGERR_ATTR_MISS_NEST])); } if (tb_msg[OVPN_NLMSGERR_ATTR_MISS_TYPE]) { - msg(M_WARN, "kernel error: missing required attribute type %u\n", + msg(M_WARN, "kernel error: missing required attribute type %u", nla_get_u32(tb_msg[OVPN_NLMSGERR_ATTR_MISS_TYPE])); } @@ -405,6 +405,11 @@ nl_geterror(ret)); } + /* enable Extended ACK for detailed error reporting */ + ret = 1; + setsockopt(nl_socket_get_fd(dco->nl_sock), SOL_NETLINK, NETLINK_EXT_ACK, + &ret, sizeof(ret)); + /* set close on exec and non-block on the netlink socket */ set_cloexec(nl_socket_get_fd(dco->nl_sock)); set_nonblock(nl_socket_get_fd(dco->nl_sock)); -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1040?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I4457b1d7262e0a39c275d33aaef6c4bcbeae6ab3 Gerrit-Change-Number: 1040 Gerrit-PatchSet: 3 Gerrit-Owner: ordex <an...@ma...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-MessageType: newpatchset |
From: Gert D. <ge...@gr...> - 2025-06-09 17:46:17
|
Tested, makes sense - I intentionally broke some code parts in dco_linux.c that set up a peer, and instead of a not very helpful "-7" userspace now gets a proper error string.

Discovered the extra "\n" testing this, so thanks for the v2 fix :-)

Your patch has been applied to the master branch.

commit ddbfbeca603eedddc12556b28e5cd9b022e9ea63
Author: Antonio Quartulli
Date: Mon Jun 9 12:02:10 2025 +0200

    dco_linux: enable extended netlink error reporting

    Signed-off-by: Antonio Quartulli <an...@ma...>
    Acked-by: Gert Doering <ge...@gr...>
    Message-Id: <202...@gr...>
    URL: https://www.mail-archive.com/ope...@li.../msg31885.html
    Signed-off-by: Gert Doering <ge...@gr...>

--
kind regards,

Gert Doering |
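What the kernel appends to an error reply once NETLINK_EXT_ACK is enabled, as an added example that is not part of the thread or of OpenVPN's code: a bounds-checked parser for an NLMSG_ERROR message, run over a constructed reply. The names `struct extack`, `parse_extack` and `build_sample`, and the message text, are made up for the illustration.

```c
/* Added example, not OpenVPN code; the sample message is constructed. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <linux/netlink.h>

struct extack {
    int error;      /* negative errno reported by the kernel */
    char msg[128];  /* NLMSGERR_ATTR_MSG, NUL-terminated by the parser */
    uint32_t offs;  /* NLMSGERR_ATTR_OFFS: offset of the offending attribute */
};

/* Parse one NLMSG_ERROR message; returns 0, or -1 if it is malformed. */
int parse_extack(const unsigned char *buf, size_t buflen, struct extack *out)
{
    struct nlmsghdr nlh;
    struct nlmsgerr err;
    size_t off, end;
    memset(out, 0, sizeof(*out));
    if (buflen < NLMSG_HDRLEN + sizeof(err))
        return -1;
    memcpy(&nlh, buf, sizeof(nlh));
    if (nlh.nlmsg_type != NLMSG_ERROR || nlh.nlmsg_len > buflen
        || nlh.nlmsg_len < NLMSG_HDRLEN + sizeof(err))
        return -1;
    memcpy(&err, buf + NLMSG_HDRLEN, sizeof(err));
    out->error = err.error;
    end = nlh.nlmsg_len;
    if (!(nlh.nlmsg_flags & NLM_F_ACK_TLVS))
        return 0; /* no extended ACK attributes appended */

    /* The TLVs follow the echoed request: only its header when NLM_F_CAPPED
     * is set, otherwise the header plus the original payload. */
    off = sizeof(err);
    if (!(nlh.nlmsg_flags & NLM_F_CAPPED)) {
        if (err.msg.nlmsg_len < NLMSG_HDRLEN || err.msg.nlmsg_len > end)
            return -1;
        off += err.msg.nlmsg_len - NLMSG_HDRLEN;
    }
    off = NLMSG_HDRLEN + NLMSG_ALIGN(off);

    while (off + NLA_HDRLEN <= end) {
        struct nlattr nla;
        const unsigned char *data = buf + off + NLA_HDRLEN, *nul;
        size_t plen, n;
        memcpy(&nla, buf + off, sizeof(nla));
        if (nla.nla_len < NLA_HDRLEN || off + nla.nla_len > end)
            return -1;
        plen = nla.nla_len - NLA_HDRLEN;
        switch (nla.nla_type & NLA_TYPE_MASK) {
        case NLMSGERR_ATTR_MSG:
            /* Bound the copy by the attribute length: the string need not
             * be NUL-terminated inside the attribute. */
            nul = memchr(data, 0, plen);
            n = nul ? (size_t)(nul - data) : plen;
            if (n >= sizeof(out->msg))
                n = sizeof(out->msg) - 1;
            memcpy(out->msg, data, n);
            out->msg[n] = '\0';
            break;
        case NLMSGERR_ATTR_OFFS:
            if (plen >= sizeof(out->offs))
                memcpy(&out->offs, data, sizeof(out->offs));
            break;
        }
        off += NLA_ALIGN(nla.nla_len);
    }
    return 0;
}

/* Build a constructed reply: -EINVAL, a message string with no NUL and
 * poisoned padding, and an offset attribute. Returns the message length. */
size_t build_sample(unsigned char buf[128])
{
    static const char text[] = "constructed: peer id out of range";
    struct { struct nlmsghdr nlh; struct nlmsgerr err; struct nlattr a_msg;
             char text[36]; struct nlattr a_off; uint32_t offs; } m;
    memset(&m, 0xAA, sizeof(m)); /* poison: an unbounded read would show it */
    m.nlh = (struct nlmsghdr){ .nlmsg_len = sizeof(m), .nlmsg_type = NLMSG_ERROR,
                               .nlmsg_flags = NLM_F_CAPPED | NLM_F_ACK_TLVS };
    m.err = (struct nlmsgerr){ .error = -EINVAL, .msg = { .nlmsg_len = 24 } };
    m.a_msg = (struct nlattr){ NLA_HDRLEN + sizeof(text) - 1, NLMSGERR_ATTR_MSG };
    memcpy(m.text, text, sizeof(text) - 1);
    m.a_off = (struct nlattr){ NLA_HDRLEN + sizeof(m.offs), NLMSGERR_ATTR_OFFS };
    m.offs = 20;
    memcpy(buf, &m, sizeof(m));
    return sizeof(m);
}

int main(void)
{
    unsigned char buf[128];
    struct extack ea;
    if (parse_extack(buf, build_sample(buf), &ea) == 0)
        printf("kernel error %d: %s (offset %u)\n", ea.error, ea.msg, ea.offs);
    return 0;
}
```

Without NLM_F_ACK_TLVS in the reply flags the parser returns only the numeric error, which is the situation the thread describes before the socket option was set.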
From: Gert D. <ge...@gr...> - 2025-06-09 10:02:30
|
From: Antonio Quartulli <an...@ma...> The ovpn netlink code reports more verbose error strings to help userspace understand what went wrong, rather than just returning, for example, -EINVAL. However, userspace must instruct the kernel netlink subsystem that it wants to receive such strings. code for parsing such strings has always been present but it was never used. Set the socket option which enables such reporting. Change-Id: I4457b1d7262e0a39c275d33aaef6c4bcbeae6ab3 Signed-off-by: Antonio Quartulli <an...@ma...> Acked-by: Gert Doering <ge...@gr...> --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1040 This mail reflects revision 2 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering <ge...@gr...> diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c index 49dbdad..0345413 100644 --- a/src/openvpn/dco_linux.c +++ b/src/openvpn/dco_linux.c @@ -367,19 +367,19 @@ { len = strnlen((char *)nla_data(tb_msg[NLMSGERR_ATTR_MSG]), nla_len(tb_msg[NLMSGERR_ATTR_MSG])); - msg(M_WARN, "kernel error: %*s\n", len, + msg(M_WARN, "kernel error: %*s", len, (char *)nla_data(tb_msg[NLMSGERR_ATTR_MSG])); } if (tb_msg[OVPN_NLMSGERR_ATTR_MISS_NEST]) { - msg(M_WARN, "kernel error: missing required nesting type %u\n", + msg(M_WARN, "kernel error: missing required nesting type %u", nla_get_u32(tb_msg[OVPN_NLMSGERR_ATTR_MISS_NEST])); } if (tb_msg[OVPN_NLMSGERR_ATTR_MISS_TYPE]) { - msg(M_WARN, "kernel error: missing required attribute type %u\n", + msg(M_WARN, "kernel error: missing required attribute type %u", nla_get_u32(tb_msg[OVPN_NLMSGERR_ATTR_MISS_TYPE])); } 
@@ -405,6 +405,11 @@ nl_geterror(ret)); } + /* enable Extended ACK for detailed error reporting */ + ret = 1; + setsockopt(nl_socket_get_fd(dco->nl_sock), SOL_NETLINK, NETLINK_EXT_ACK, + &ret, sizeof(ret)); + /* set close on exec and non-block on the netlink socket */ set_cloexec(nl_socket_get_fd(dco->nl_sock)); set_nonblock(nl_socket_get_fd(dco->nl_sock)); |
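Review bot: the return value of the new setsockopt() call in the second hunk is discarded, and `ret` is reused as the option value, so after this block it holds 1 rather than the result of the call checked just above. Use a dedicated `int one = 1;` for the option and log a warning when setsockopt() fails, so that a kernel which rejects NETLINK_EXT_ACK shows up in the log instead of silently leaving error reporting as it was.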
From: cron2 (C. Review) <ge...@op...> - 2025-06-09 10:01:23
|
Attention is currently required from: flichtenheld, ordex, plaisthos. cron2 has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1040?usp=email ) Change subject: dco_linux: enable extended netlink error reporting ...................................................................... Patch Set 2: Code-Review+2 -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1040?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I4457b1d7262e0a39c275d33aaef6c4bcbeae6ab3 Gerrit-Change-Number: 1040 Gerrit-PatchSet: 2 Gerrit-Owner: ordex <an...@ma...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Attention: ordex <an...@ma...> Gerrit-Comment-Date: Mon, 09 Jun 2025 10:01:09 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment |
From: ordex (C. Review) <ge...@op...> - 2025-06-09 08:06:26
Attention is currently required from: cron2, flichtenheld, ordex, plaisthos. Hello cron2, flichtenheld, plaisthos, I'd like you to reexamine a change. Please visit http://gerrit.openvpn.net/c/openvpn/+/1040?usp=email to look at the new patch set (#2). The following approvals got outdated and were removed: Code-Review-1 by cron2 Change subject: dco_linux: enable extended netlink error reporting ...................................................................... dco_linux: enable extended netlink error reporting The ovpn netlink code reports more verbose error strings to help userspace understand what went wrong, rather than just returning, for example, -EINVAL. However, userspace must instruct the kernel netlink subsystem that it wants to receive such strings. code for parsing such strings has always been present but it was never used. Set the socket option which enables such reporting. Change-Id: I4457b1d7262e0a39c275d33aaef6c4bcbeae6ab3 Signed-off-by: Antonio Quartulli <an...@ma...> --- M src/openvpn/dco_linux.c 1 file changed, 8 insertions(+), 3 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/40/1040/2 diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c index 49dbdad..0345413 100644 --- a/src/openvpn/dco_linux.c +++ b/src/openvpn/dco_linux.c 
@@ -367,19 +367,19 @@ { len = strnlen((char *)nla_data(tb_msg[NLMSGERR_ATTR_MSG]), nla_len(tb_msg[NLMSGERR_ATTR_MSG])); - msg(M_WARN, "kernel error: %*s\n", len, + msg(M_WARN, "kernel error: %*s", len, (char *)nla_data(tb_msg[NLMSGERR_ATTR_MSG])); } if (tb_msg[OVPN_NLMSGERR_ATTR_MISS_NEST]) { - msg(M_WARN, "kernel error: missing required nesting type %u\n", + msg(M_WARN, "kernel error: missing required nesting type %u", nla_get_u32(tb_msg[OVPN_NLMSGERR_ATTR_MISS_NEST])); } if (tb_msg[OVPN_NLMSGERR_ATTR_MISS_TYPE]) { - msg(M_WARN, "kernel error: missing required attribute type %u\n", + msg(M_WARN, "kernel error: missing required attribute type %u", nla_get_u32(tb_msg[OVPN_NLMSGERR_ATTR_MISS_TYPE])); } @@ -405,6 +405,11 @@ nl_geterror(ret)); } + /* enable Extended ACK for detailed error reporting */ + ret = 1; + setsockopt(nl_socket_get_fd(dco->nl_sock), SOL_NETLINK, NETLINK_EXT_ACK, + &ret, sizeof(ret)); + /* set close on exec and non-block on the netlink socket */ set_cloexec(nl_socket_get_fd(dco->nl_sock)); set_nonblock(nl_socket_get_fd(dco->nl_sock)); -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1040?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I4457b1d7262e0a39c275d33aaef6c4bcbeae6ab3 Gerrit-Change-Number: 1040 Gerrit-PatchSet: 2 Gerrit-Owner: ordex <an...@ma...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: cron2 <ge...@gr...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Attention: ordex <an...@ma...> Gerrit-MessageType: newpatchset |
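Review bot: the commit message does not mention the first hunk's change, the removal of the trailing `\n` from the three `msg(M_WARN, "kernel error: ...")` calls; it only describes setting the socket option. Add one sentence for it (for example that the stray newlines are dropped while the error printing is being enabled) so the log explains both parts of the diff.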
From: cron2 (C. Review) <ge...@op...> - 2025-06-06 15:36:24
Attention is currently required from: flichtenheld, ordex, plaisthos. cron2 has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1040?usp=email ) Change subject: dco_linux: enable extended netlink error reporting ...................................................................... Patch Set 1: Code-Review-1 (1 comment) Patchset: PS1: This patch works and does what it says on the lid. Alas, when we're starting to fix error message printing, we also need to fix it for good... ``` if (tb_msg[NLMSGERR_ATTR_MSG]) { len = strnlen((char *)nla_data(tb_msg[NLMSGERR_ATTR_MSG]), nla_len(tb_msg[NLMSGERR_ATTR_MSG])); msg(M_WARN, "kernel error: %*s\n", len, (char *)nla_data(tb_msg[NLMSGERR_ATTR_MSG])); } ``` there is an extra `\n` which should not be there. Please :-) -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1040?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I4457b1d7262e0a39c275d33aaef6c4bcbeae6ab3 Gerrit-Change-Number: 1040 Gerrit-PatchSet: 1 Gerrit-Owner: ordex <an...@ma...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Attention: ordex <an...@ma...> Gerrit-Comment-Date: Fri, 06 Jun 2025 12:54:08 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Gerrit-MessageType: comment |
From: ordex (C. Review) <ge...@op...> - 2025-06-06 15:31:25
Attention is currently required from: flichtenheld, plaisthos. Hello plaisthos, flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/1040?usp=email to review the following change. Change subject: dco_linux: enable extended netlink error reporting ...................................................................... dco_linux: enable extended netlink error reporting The ovpn netlink code reports more verbose error strings to help userspace understand what went wrong, rather than just returning, for example, -EINVAL. However, userspace must instruct the kernel netlink subsystem that it wants to receive such strings. code for parsing such strings has always been present but it was never used. Set the socket option which enables such reporting. Change-Id: I4457b1d7262e0a39c275d33aaef6c4bcbeae6ab3 Signed-off-by: Antonio Quartulli <an...@ma...> --- M src/openvpn/dco_linux.c 1 file changed, 5 insertions(+), 0 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/40/1040/1 diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c index 49dbdad..fcca9dc 100644 --- a/src/openvpn/dco_linux.c +++ b/src/openvpn/dco_linux.c 
@@ -405,6 +405,11 @@ nl_geterror(ret)); } + /* enable Extended ACK for detailed error reporting */ + ret = 1; + setsockopt(nl_socket_get_fd(dco->nl_sock), SOL_NETLINK, NETLINK_EXT_ACK, + &ret, sizeof(ret)); + /* set close on exec and non-block on the netlink socket */ set_cloexec(nl_socket_get_fd(dco->nl_sock)); set_nonblock(nl_socket_get_fd(dco->nl_sock)); -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1040?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I4457b1d7262e0a39c275d33aaef6c4bcbeae6ab3 Gerrit-Change-Number: 1040 Gerrit-PatchSet: 1 Gerrit-Owner: ordex <an...@ma...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-MessageType: newchange |
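Review bot: the return value of `setsockopt(nl_socket_get_fd(dco->nl_sock), SOL_NETLINK, NETLINK_EXT_ACK, ...)` is discarded, so when the option cannot be set the daemon silently keeps receiving bare errno values and nothing in the log explains why the verbose strings are missing. Check the result and log a non-fatal message on failure, and pass a dedicated `int optval = 1;` instead of overwriting `ret`, which at this point still holds the status reported by the preceding `nl_geterror(ret)` error path.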
From: its_Giaan (C. Review) <ge...@op...> - 2025-06-06 08:21:56
Attention is currently required from: flichtenheld, plaisthos. Hello plaisthos, flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/1039?usp=email to review the following change. Change subject: Multi-socket: local_list clean-up ...................................................................... Multi-socket: local_list clean-up Optimize the current local_list implementation by replacing the static array with a resizable one, as the static allocation serves no real purpose, particularly on the client side. Github: #682 Change-Id: I32effed9e273fbe8986d1f4e8da4a4d0ac216463 Signed-off-by: Gianmarco De Gregori <gia...@ma...> --- M src/openvpn/options.c M src/openvpn/options.h 2 files changed, 14 insertions(+), 5 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/39/1039/1 diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 6ea01d4..70337b1 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -2212,12 +2212,20 @@ struct local_list *l = alloc_local_list_if_undef(ce, gc); struct local_entry *e; - if (l->len >= CONNECTION_LIST_SIZE) + if (l->len >= l->capacity) { - msg(msglevel, "Maximum number of 'local' options (%d) exceeded", - CONNECTION_LIST_SIZE); + const int new_cap = l->capacity + 1; + const size_t elem_size = sizeof(*l->array); - return NULL; + struct local_entry **new_array = gc_realloc(l->array, new_cap * elem_size, gc); + if (!new_array) + { + msg(msglevel, "Unable to process more local options: out of memory. Number of entries = %d", l->len); + return NULL; + } + + l->array = new_array; + l->capacity = new_cap; } ALLOC_OBJ_CLEAR_GC(e, struct local_entry, gc); diff --git a/src/openvpn/options.h b/src/openvpn/options.h index b28ad58..46ec32b 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h 
@@ -188,8 +188,9 @@ struct local_list { + int capacity; int len; - struct local_entry *array[CONNECTION_LIST_SIZE]; + struct local_entry **array; }; struct connection_list -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1039?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I32effed9e273fbe8986d1f4e8da4a4d0ac216463 Gerrit-Change-Number: 1039 Gerrit-PatchSet: 1 Gerrit-Owner: its_Giaan <gia...@ma...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-MessageType: newchange |
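Review bot: in the options.c hunk the `l->len >= l->capacity` branch grows the array by exactly one slot (`const int new_cap = l->capacity + 1;`), so every further `local` option costs another `gc_realloc()`; grow geometrically from a small starting size instead. Removing the `CONNECTION_LIST_SIZE` check also removes the only limit on how many entries a configuration can create, so either keep an explicit upper bound or state in the commit message that the list is now unbounded on purpose. The branch further relies on `capacity` starting at 0 and `array` at NULL; that depends on `alloc_local_list_if_undef()` zero-initialising the struct, which is not part of this diff, so please confirm it.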
From: d12fk (C. Review) <ge...@op...> - 2025-06-05 10:21:39
Attention is currently required from: cron2, flichtenheld, plaisthos, stipa. d12fk has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/904?usp=email ) Change subject: dns: deal with --dhcp-options when --dns is active ...................................................................... Patch Set 22: (1 comment) File src/openvpn/options.c: http://gerrit.openvpn.net/c/openvpn/+/904/comment/99c9aa4d_22bf37c4 : PS15, Line 4299: tuntap_options_postprocess_dns(o); > I have thought about this a while now, and would suggest to do the following […] Think all this is covered in the latest push, please check. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/904?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I635c4018fb43b5976a39b6a90cb2e9cb2570cd6a Gerrit-Change-Number: 904 Gerrit-PatchSet: 22 Gerrit-Owner: d12fk <he...@op...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-Reviewer: stipa <lst...@gm...> Gerrit-CC: cron2 <ge...@gr...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: cron2 <ge...@gr...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Attention: stipa <lst...@gm...> Gerrit-Comment-Date: Thu, 05 Jun 2025 10:21:24 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: cron2 <ge...@gr...> Comment-In-Reply-To: d12fk <he...@op...> Comment-In-Reply-To: stipa <lst...@gm...> Gerrit-MessageType: comment |
From: d12fk (C. Review) <ge...@op...> - 2025-06-04 23:16:33
Attention is currently required from: d12fk, flichtenheld, plaisthos, stipa. Hello flichtenheld, plaisthos, stipa, I'd like you to reexamine a change. Please visit http://gerrit.openvpn.net/c/openvpn/+/904?usp=email to look at the new patch set (#22). The following approvals got outdated and were removed: Code-Review+1 by stipa Change subject: dns: deal with --dhcp-options when --dns is active ...................................................................... dns: deal with --dhcp-options when --dns is active Since --dns settings overrule DNS related --dhcp-options, remove the latter when values were defined via --dns. To stay as backward compatible as possible, we add foreign_options to the script hook environment from the --dns values when a --up script is defined. In that case the default --dns-updown is not run, even when --dns values are present, to prevent double DNS configuration. This way an existing --up script that deals with DNS can run, without the immediate need to change after an openvpn upgrade and a server pushing --dns options. If you specify a custom --dns-updown, or force running the default dns-updown that comes with openvpn, those compat env vars are not set for --up scripts and the dns-updown command is run, even when there's an --up script present. Since Android uses the DNS values from tuntap_options, we always override those with --dns stuff unconditionally. Also on Windows when --ip-win32 is dynamic or adaptive, since DHCP relies on these as well. Change-Id: I635c4018fb43b5976a39b6a90cb2e9cb2570cd6a Signed-off-by: Heiko Hund <he...@is...> --- M src/openvpn/dns.c M src/openvpn/dns.h M src/openvpn/options.c 3 files changed, 323 insertions(+), 184 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/04/904/22 diff --git a/src/openvpn/dns.c b/src/openvpn/dns.c index 7cf1b63..939ae09 100644 --- a/src/openvpn/dns.c +++ b/src/openvpn/dns.c 
@@ -691,7 +691,8 @@ static void run_up_down_command(bool up, struct options *o, const struct tuntap *tt, struct dns_updown_runner_info *updown_runner) { - if (!o->dns_options.updown) + struct dns_options *dns = &o->dns_options; + if (!dns->updown || (o->up_script && !dns->user_set_updown)) { return; } @@ -701,7 +702,7 @@ if (!updown_runner->required) { /* Run dns updown directly */ - status = do_run_up_down_command(up, NULL, &o->dns_options, tt); + status = do_run_up_down_command(up, NULL, dns, tt); } else { @@ -852,6 +853,14 @@ { return; } +#ifdef _WIN32 + /* Don't use iservice in DHCP mode */ + struct tuntap_options *tto = &o->tuntap_options; + if (tto->ip_win32_type == IPW32_SET_DHCP_MASQ || tto->ip_win32_type == IPW32_SET_ADAPTIVE) + { + return; + } +#endif /* Warn about adding servers of unsupported AF */ const struct dns_server *s = o->dns_options.servers; diff --git a/src/openvpn/dns.h b/src/openvpn/dns.h index 60f5471..688daa7 100644 --- a/src/openvpn/dns.h +++ b/src/openvpn/dns.h @@ -76,7 +76,28 @@ #endif }; +#ifndef N_DHCP_ADDR +#define N_DHCP_ADDR 4 +#endif + +#ifndef N_SEARCH_LIST_LEN +#define N_SEARCH_LIST_LEN 10 +#endif + +struct dhcp_options { + in_addr_t dns[N_DHCP_ADDR]; + int dns_len; + + struct in6_addr dns6[N_DHCP_ADDR]; + int dns6_len; + + const char *domain; + const char *domain_search_list[N_SEARCH_LIST_LEN]; + int domain_search_list_len; +}; + struct dns_options { + struct dhcp_options from_dhcp; struct dns_domain *search_domains; struct dns_server *servers_prepull; struct dns_server *servers; diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 6ea01d4..33f387c 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -1328,7 +1328,6 @@ #endif /* ifndef ENABLE_SMALL */ #endif /* ifdef _WIN32 */ -#if defined(_WIN32) || defined(TARGET_ANDROID) static void dhcp_option_dns6_parse(const char *parm, struct in6_addr *dns6_list, int *len, int msglevel) { 
@@ -1371,150 +1370,6 @@ } } -/* - * If DNS options are set use these for TUN/TAP options as well. - * Applies to DNS, DNS6 and DOMAIN-SEARCH. - * Existing options will be discarded. - */ -static void -tuntap_options_copy_dns(struct options *o) -{ - struct tuntap_options *tt = &o->tuntap_options; - struct dns_options *dns = &o->dns_options; - - if (dns->search_domains) - { - tt->domain_search_list_len = 0; - const struct dns_domain *domain = dns->search_domains; - while (domain && tt->domain_search_list_len < N_SEARCH_LIST_LEN) - { - tt->domain_search_list[tt->domain_search_list_len++] = domain->name; - domain = domain->next; - } - if (domain) - { - msg(M_WARN, "WARNING: couldn't copy all --dns search-domains to --dhcp-option"); - } - tt->dhcp_options |= DHCP_OPTIONS_DHCP_REQUIRED; - } - - if (dns->servers) - { - tt->dns_len = 0; - tt->dns6_len = 0; - bool overflow = false; - const struct dns_server *server = dns->servers; - while (server) - { - for (int i = 0; i < server->addr_count; ++i) - { - if (server->addr[i].family == AF_INET) - { - if (tt->dns_len >= N_DHCP_ADDR) - { - overflow = true; - continue; - } - tt->dns[tt->dns_len++] = ntohl(server->addr[i].in.a4.s_addr); - } - else - { - if (tt->dns6_len >= N_DHCP_ADDR) - { - overflow = true; - continue; - } - tt->dns6[tt->dns6_len++] = server->addr[i].in.a6; - } - } - server = server->next; - } - if (overflow) - { - msg(M_WARN, "WARNING: couldn't copy all --dns server addresses to --dhcp-option"); - } - tt->dhcp_options |= DHCP_OPTIONS_DHCP_OPTIONAL; - } -} -#else /* if defined(_WIN32) || defined(TARGET_ANDROID) */ -static void -foreign_options_copy_dns(struct options *o, struct env_set *es) -{ - const struct dns_domain *domain = o->dns_options.search_domains; - const struct dns_server *server = o->dns_options.servers; - if (!domain && !server) - { - return; - } - - /* reset the index since we're starting all over again */ - int opt_max = o->foreign_option_index; - o->foreign_option_index = 0; - - for (int i = 1; 
i <= opt_max; ++i) - { - char name[32]; - snprintf(name, sizeof(name), "foreign_option_%d", i); - - const char *env_str = env_set_get(es, name); - const char *value = strchr(env_str, '=') + 1; - if ((domain && strstr(value, "dhcp-option DOMAIN-SEARCH") == value) - || (server && strstr(value, "dhcp-option DNS") == value)) - { - setenv_del(es, name); - } - else - { - setenv_foreign_option(o, &value, 1, es); - } - } - - struct gc_arena gc = gc_new(); - - while (server) - { - for (size_t i = 0; i < server->addr_count; ++i) - { - if (server->addr[i].family == AF_INET) - { - const char *argv[] = { - "dhcp-option", - "DNS", - print_in_addr_t(server->addr[i].in.a4.s_addr, 0, &gc) - }; - setenv_foreign_option(o, argv, 3, es); - } - else - { - const char *argv[] = { - "dhcp-option", - "DNS6", - print_in6_addr(server->addr[i].in.a6, 0, &gc) - }; - setenv_foreign_option(o, argv, 3, es); - } - } - server = server->next; - } - while (domain) - { - const char *argv[] = { "dhcp-option", "DOMAIN-SEARCH", domain->name }; - setenv_foreign_option(o, argv, 3, es); - domain = domain->next; - } - - gc_free(&gc); - - /* remove old leftover entries */ - while (o->foreign_option_index < opt_max) - { - char name[32]; - snprintf(name, sizeof(name), "foreign_option_%d", opt_max--); - setenv_del(es, name); - } -} -#endif /* if defined(_WIN32) || defined(TARGET_ANDROID) */ - #ifndef ENABLE_SMALL static const char * print_vlan_accept(enum vlan_acceptable_frames mode) 
@@ -3603,6 +3458,260 @@ } } +#if defined(_WIN32) || defined(TARGET_ANDROID) +/** + * @brief Postprocess DNS related settings + * + * Set TUN/TAP DNS options with values from either --dns + * or --dhcp-option. + * + * @param o pointer to the options struct + */ +static void +tuntap_options_postprocess_dns(struct options *o) +{ + struct dns_options *dns = &o->dns_options; + struct tuntap_options *tt = &o->tuntap_options; + if (!dns->servers) + { + /* Copy --dhcp-options to tuntap_options */ + struct dhcp_options *dhcp = &dns->from_dhcp; + assert(sizeof(dhcp->dns) == sizeof(tt->dns)); + assert(sizeof(dhcp->dns6) == sizeof(tt->dns6)); + assert(sizeof(dhcp->domain_search_list) == sizeof(tt->domain_search_list)); + + tt->domain = dhcp->domain; + tt->dns_len = dhcp->dns_len; + tt->dns6_len = dhcp->dns6_len; + + memcpy(tt->dns, dhcp->dns, sizeof(tt->dns)); + memcpy(tt->dns6, dhcp->dns6, sizeof(tt->dns6)); + + tt->domain_search_list_len = dhcp->domain_search_list_len; + for (size_t i = 0; i < SIZE(tt->domain_search_list); ++i) + { + tt->domain_search_list[i] = dhcp->domain_search_list[i]; + } + + return; + } + +#if defined(_WIN32) + if (tt->ip_win32_type != IPW32_SET_DHCP_MASQ && tt->ip_win32_type != IPW32_SET_ADAPTIVE) + { + return; /* Not in DHCP mode */ + } +#endif /* if defined(_WIN32) */ + + /* Copy --dns options to tuntap_options */ + const struct dns_domain *d = dns->search_domains; + while (d && tt->domain_search_list_len + 1 < N_SEARCH_LIST_LEN) + { + tt->domain_search_list[tt->domain_search_list_len++] = d->name; + d = d->next; + } + if (d) + { + msg(M_WARN, "WARNING: couldn't copy all --dns search-domains to TUN/TAP"); + } + + const struct dns_server *s = dns->servers; + while (s) + { + bool non_standard_server_port = false; + for (int i = 0; i < s->addr_count; ++i) + { + if (s->addr[i].port && s->addr[i].port != 53) + { + non_standard_server_port = true; + break; + } + } + if ((s->transport && s->transport != DNS_TRANSPORT_PLAIN) + || (s->dnssec && s->dnssec != 
DNS_SECURITY_NO) + || non_standard_server_port) + { + /* Skip servers requiring unsupported config to be set */ + s = s->next; + } + else + { + bool overflow = false; + for (int i = 0; i < s->addr_count; ++i) + { + if (s->addr[i].family == AF_INET && tt->dns_len + 1 < N_DHCP_ADDR) + { + tt->dns[tt->dns_len++] = s->addr[i].in.a4.s_addr; + } + else if (tt->dns6_len + 1 < N_DHCP_ADDR) + { + tt->dns6[tt->dns6_len] = s->addr[i].in.a6; + } + else + { + overflow = true; + } + } + if (overflow) + { + msg(M_WARN, "WARNING: couldn't copy all --dns server addresses to TUN/TAP"); + } + return; + } + } +} + +#else /* if defined(_WIN32) || defined(TARGET_ANDROID) */ + +/** + * @brief Postprocess DNS related settings + * + * Discard existing --dhcp-options from the env if needed and possibly + * replace them with values from --dns. If no --dns servers are set copy + * the --dhcp-option values over for --dns-updown runs. + * + * @param o pointer to the options struct + * @param es env set to modify potentially + */ +static void +dhcp_options_postprocess_dns(struct options *o, struct env_set *es) +{ + struct gc_arena gc = gc_new(); + struct dns_options *dns = &o->dns_options; + + if (dns->servers || dns->user_set_updown) + { + /* Clean up env from --dhcp-option DNS config */ + struct buffer name = alloc_buf_gc(OPTION_PARM_SIZE, &gc); + struct buffer value = alloc_buf_gc(OPTION_PARM_SIZE, &gc); + + const int fo_count = o->foreign_option_index; + o->foreign_option_index = 0; + + for (int i = 1; i <= fo_count; ++i) + { + buf_clear(&name); + buf_printf(&name, "foreign_option_%d", i); + const char *env_str = env_set_get(es, BSTR(&name)); + const char *item_val = strchr(env_str, '=') + 1; + buf_clear(&value); + buf_printf(&value, "%s", item_val); + + /* Remove foreign option item from env set */ + env_set_del(es, BSTR(&name)); + + item_val = BSTR(&value); + if (strncmp(item_val, "dhcp-option ", 12) != 0 + || (strncmp(item_val + 12, "ADAPTER-DOMAIN-SUFFIX ", 22) != 0 + && strncmp(item_val 
+ 12, "DOMAIN-SEARCH ", 14) != 0 + && strncmp(item_val + 12, "DOMAIN ", 7) != 0 + && strncmp(item_val + 12, "DNS6 ", 5) != 0 + && strncmp(item_val + 12, "DNS ", 4) != 0)) + { + /* Re-set the item with potentially updated name */ + buf_clear(&name); + buf_printf(&name, "foreign_option_%d", ++o->foreign_option_index); + setenv_str(es, BSTR(&name), BSTR(&value)); + } + } + } + + if (!dns->servers) + { + /* Copy --dhcp-options to dns_options */ + struct dhcp_options *dhcp = &dns->from_dhcp; + + if (dhcp->dns_len || dhcp->dns6_len) + { + struct dns_domain **entry = &dns->search_domains; + ALLOC_OBJ_CLEAR_GC(*entry, struct dns_domain, &dns->gc); + struct dns_domain *new = *entry; + new->name = dhcp->domain; + entry = &new->next; + + for (size_t i = 0; i < dhcp->domain_search_list_len; ++i) + { + ALLOC_OBJ_CLEAR_GC(*entry, struct dns_domain, &dns->gc); + struct dns_domain *new = *entry; + new->name = dhcp->domain_search_list[i]; + entry = &new->next; + } + + struct dns_server *server = dns_server_get(&dns->servers, 0, &dns->gc); + const size_t max_addrs = SIZE(server->addr); + for (size_t i = 0; i < dhcp->dns_len && server->addr_count < max_addrs; ++i) + { + server->addr[server->addr_count].in.a4.s_addr = htonl(dhcp->dns[i]); + server->addr[server->addr_count].family = AF_INET; + server->addr_count += 1; + } + for (size_t i = 0; i < dhcp->dns6_len && server->addr_count < max_addrs; ++i) + { + server->addr[server->addr_count].in.a6 = dhcp->dns6[i]; + server->addr[server->addr_count].family = AF_INET6; + server->addr_count += 1; + } + } + } + else if (o->up_script && !dns->user_set_updown) + { + /* Set foreign option env vars from --dns config */ + const char *p[] = { "dhcp-option", NULL, NULL }; + size_t p_len = sizeof(p) / sizeof(p[0]); + + p[1] = "DOMAIN"; + const struct dns_domain *d = dns->search_domains; + while (d) + { + p[2] = d->name; + setenv_foreign_option(o, (const char **)p, p_len, es); + d = d->next; + } + + const struct dns_server *s = dns->servers; + while 
(s) + { + bool non_standard_server_port = false; + for (int i = 0; i < s->addr_count; ++i) + { + if (s->addr[i].port && s->addr[i].port != 53) + { + non_standard_server_port = true; + break; + } + } + if ((s->transport && s->transport != DNS_TRANSPORT_PLAIN) + || (s->dnssec && s->dnssec != DNS_SECURITY_NO) + || non_standard_server_port) + { + /* Skip servers requiring unsupported config to be set */ + s = s->next; + } + else + { + for (int i = 0; i < s->addr_count; ++i) + { + if (s->addr[i].family == AF_INET) + { + p[1] = "DNS"; + p[2] = print_in_addr_t(s->addr[i].in.a4.s_addr, IA_NET_ORDER, &gc); + } + else + { + p[1] = "DNS6"; + p[2] = print_in6_addr(s->addr[i].in.a6, 0, &gc); + } + setenv_foreign_option(o, (const char **)p, p_len, es); + } + break; + } + } + } + + gc_free(&gc); +} +#endif /* if defined(_WIN32) || defined(TARGET_ANDROID) */ + static void options_postprocess_mutate(struct options *o, struct env_set *es) { @@ -3786,9 +3895,9 @@ else { #if defined(_WIN32) || defined(TARGET_ANDROID) - tuntap_options_copy_dns(o); + tuntap_options_postprocess_dns(o); #else - foreign_options_copy_dns(o, es); + dhcp_options_postprocess_dns(o, es); #endif } if (o->auth_token_generate && !o->auth_token_renewal) @@ -4171,9 +4280,9 @@ { dns_options_postprocess_pull(&o->dns_options); #if defined(_WIN32) || defined(TARGET_ANDROID) - tuntap_options_copy_dns(o); + tuntap_options_postprocess_dns(o); #else - foreign_options_copy_dns(o, es); + dhcp_options_postprocess_dns(o, es); #endif } return success; 
@@ -8162,18 +8271,43 @@ goto err; } } -#if defined(_WIN32) || defined(TARGET_ANDROID) else if (streq(p[0], "dhcp-option") && p[1]) { + struct dhcp_options *dhcp = &options->dns_options.from_dhcp; +#if defined(_WIN32) || defined(TARGET_ANDROID) struct tuntap_options *o = &options->tuntap_options; +#endif VERIFY_PERMISSION(OPT_P_DHCPDNS); - if ((streq(p[1], "DOMAIN") || streq(p[1], "ADAPTER_DOMAIN_SUFFIX")) - && p[2] && !p[3]) + if ((streq(p[1], "DOMAIN") || streq(p[1], "ADAPTER_DOMAIN_SUFFIX")) && p[2] && !p[3]) { - o->domain = p[2]; - o->dhcp_options |= DHCP_OPTIONS_DHCP_OPTIONAL; + dhcp->domain = p[2]; } + else if (streq(p[1], "DOMAIN-SEARCH") && p[2] && !p[3]) + { + if (dhcp->domain_search_list_len < N_SEARCH_LIST_LEN) + { + dhcp->domain_search_list[dhcp->domain_search_list_len++] = p[2]; + } + else + { + msg(msglevel, "--dhcp-option %s: maximum of %d search entries can be specified", + p[1], N_SEARCH_LIST_LEN); + } + } + else if ((streq(p[1], "DNS") || streq(p[1], "DNS6")) && p[2] && !p[3] + && (!strstr(p[2], ":") || ipv6_addr_safe(p[2]))) + { + if (strstr(p[2], ":")) + { + dhcp_option_dns6_parse(p[2], dhcp->dns6, &dhcp->dns6_len, msglevel); + } + else + { + dhcp_option_address_parse("DNS", p[2], dhcp->dns, &dhcp->dns_len, msglevel); + } + } +#if defined(_WIN32) || defined(TARGET_ANDROID) else if (streq(p[1], "NBS") && p[2] && !p[3]) { o->netbios_scope = p[2]; 
@@ -8191,23 +8325,9 @@ o->netbios_node_type = t; o->dhcp_options |= DHCP_OPTIONS_DHCP_REQUIRED; } - else if ((streq(p[1], "DNS") || streq(p[1], "DNS6")) && p[2] && !p[3] - && (!strstr(p[2], ":") || ipv6_addr_safe(p[2]))) - { - if (strstr(p[2], ":")) - { - dhcp_option_dns6_parse(p[2], o->dns6, &o->dns6_len, msglevel); - } - else - { - dhcp_option_address_parse("DNS", p[2], o->dns, &o->dns_len, msglevel); - o->dhcp_options |= DHCP_OPTIONS_DHCP_OPTIONAL; - } - } else if (streq(p[1], "WINS") && p[2] && !p[3]) { dhcp_option_address_parse("WINS", p[2], o->wins, &o->wins_len, msglevel); - o->dhcp_options |= DHCP_OPTIONS_DHCP_OPTIONAL; } else if (streq(p[1], "NTP") && p[2] && !p[3]) { @@ -8219,19 +8339,6 @@ dhcp_option_address_parse("NBDD", p[2], o->nbdd, &o->nbdd_len, msglevel); o->dhcp_options |= DHCP_OPTIONS_DHCP_REQUIRED; } - else if (streq(p[1], "DOMAIN-SEARCH") && p[2] && !p[3]) - { - if (o->domain_search_list_len < N_SEARCH_LIST_LEN) - { - o->domain_search_list[o->domain_search_list_len++] = p[2]; - } - else - { - msg(msglevel, "--dhcp-option %s: maximum of %d search entries can be specified", - p[1], N_SEARCH_LIST_LEN); - } - o->dhcp_options |= DHCP_OPTIONS_DHCP_OPTIONAL; - } else if (streq(p[1], "DISABLE-NBT") && !p[2]) { o->disable_nbt = 1; 
@@ -8249,8 +8356,10 @@ msg(msglevel, "--dhcp-option: unknown option type '%s' or missing or unknown parameter", p[1]); goto err; } - } +#else /* if defined(_WIN32) || defined(TARGET_ANDROID) */ + setenv_foreign_option(options, (const char **)p, 3, es); #endif /* if defined(_WIN32) || defined(TARGET_ANDROID) */ + } #ifdef _WIN32 else if (streq(p[0], "show-adapters") && !p[1]) { -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/904?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I635c4018fb43b5976a39b6a90cb2e9cb2570cd6a Gerrit-Change-Number: 904 Gerrit-PatchSet: 22 Gerrit-Owner: d12fk <he...@op...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-Reviewer: stipa <lst...@gm...> Gerrit-CC: cron2 <ge...@gr...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Attention: d12fk <he...@op...> Gerrit-Attention: stipa <lst...@gm...> Gerrit-MessageType: newpatchset |
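Review bot: the dns.h hunk defines `N_DHCP_ADDR` and `N_SEARCH_LIST_LEN` a second time behind `#ifndef` guards, so if the other definition ever changes, whichever header is included first wins silently and `struct dhcp_options` and the tuntap arrays drift apart. Keep one definition in a header both users include, and turn the three runtime checks of the form `assert(sizeof(dhcp->dns) == sizeof(tt->dns));` in `tuntap_options_postprocess_dns()` into compile-time assertions so a mismatch fails the build instead of a running client.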
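Review bot: the address copy loop added in `tuntap_options_postprocess_dns()` (hunk `@@ -3603,6 +3458,260 @@`) has several defects. `tt->dns6[tt->dns6_len] = s->addr[i].in.a6;` never increments `dns6_len`, so IPv6 servers are not counted and each one overwrites the previous; the `else if (tt->dns6_len + 1 < N_DHCP_ADDR)` arm is also taken for an `AF_INET` address once the IPv4 array is full, which stores an IPv4 address as `in.a6`; the `+ 1 <` bounds, here and for `domain_search_list_len`, stop one entry short of the array size; and the IPv4 value is stored without the `ntohl()` that the removed `tuntap_options_copy_dns()` applied, while `dhcp_options_postprocess_dns()` in the same hunk converts with `htonl(dhcp->dns[i])`, so `tt->dns` receives a different byte order depending on the source. Test the address family first and the bound inside each arm, for example `if (tt->dns6_len < N_DHCP_ADDR) { tt->dns6[tt->dns6_len++] = s->addr[i].in.a6; }`, and restore the `ntohl()`. In `dhcp_options_postprocess_dns()` please also check the results of `env_set_get()` and `strchr(env_str, '=')` before adding 1, and do not create a `dns_domain` entry with `new->name = dhcp->domain;` when `dhcp->domain` is NULL.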
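Review bot: the option parser in hunk `@@ -8162,18 +8271,43 @@` accepts `ADAPTER_DOMAIN_SUFFIX` with underscores (`streq(p[1], "ADAPTER_DOMAIN_SUFFIX")`), but the env clean-up in `dhcp_options_postprocess_dns()` filters on `"ADAPTER-DOMAIN-SUFFIX "` with hyphens, so that foreign option is never removed when `--dns` values take over; use one spelling in both places. The parser hunks also delete every `o->dhcp_options |= DHCP_OPTIONS_DHCP_OPTIONAL;` for DOMAIN, DNS, DOMAIN-SEARCH and WINS, and nothing in the added code sets the flag again. If that is intended, say so in the commit message; otherwise set it where `tuntap_options_postprocess_dns()` fills `tt`.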
From: Ralf L. <ra...@ma...> - 2025-06-04 13:42:27
openvpn implements the `--mark` option, which utilizes the `SO_MARK` Linux socket option. However, in the UDP code path, the socket's `sk_mark` value is not currently propagated to `skb` objects that pass through our socket. This commit ensures proper inheritance of the field by assigning `sk_mark` to `skb->mark` before handing the `skb` to the network stack for transmission. Signed-off-by: Ralf Lici <ra...@ma...> --- drivers/net/ovpn/udp.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/net/ovpn/udp.c b/drivers/net/ovpn/udp.c index b4fbebad8f45..4f9c9a9a889a 100644 --- a/drivers/net/ovpn/udp.c +++ b/drivers/net/ovpn/udp.c @@ -344,6 +344,7 @@ void ovpn_udp_send_skb(struct ovpn_peer *peer, struct sock *sk, int ret; skb->dev = peer->ovpn->dev; + skb->mark = READ_ONCE(sk->sk_mark); /* no checksum performed at this layer */ skb->ip_summed = CHECKSUM_NONE; -- 2.49.0 |
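Review bot: the added `skb->mark = READ_ONCE(sk->sk_mark);` is unconditional, so whatever mark the skb carries when it reaches `ovpn_udp_send_skb()` is overwritten, including with 0 when no `SO_MARK` was set on the socket; say in the commit message or in a one-line comment above the assignment that replacing the existing mark is intended. The message describes this as propagation that is currently missing, so if the patch is meant as a fix it also wants a `Fixes:` tag naming the commit that introduced the UDP transmit path.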
From: cron2 (C. Review) <ge...@op...> - 2025-06-03 16:36:54
cron2 has uploaded a new patch set (#2) to the change originally created by flichtenheld. ( http://gerrit.openvpn.net/c/openvpn/+/1030?usp=email ) The following approvals got outdated and were removed: Code-Review+2 by cron2 Change subject: Fix various badly placed comments in preparation for reformat ...................................................................... Fix various badly placed comments in preparation for reformat Change-Id: I83831060fdf5588a0ada8d6abbedc7ce3ded4182 Signed-off-by: Frank Lichtenheld <fr...@li...> Acked-by: Gert Doering <ge...@gr...> Message-Id: <202...@gr...> URL: https://www.mail-archive.com/ope...@li.../msg31872.html Signed-off-by: Gert Doering <ge...@gr...> --- M src/openvpn/buffer.c M src/openvpn/multi_io.c M src/openvpn/networking.h M src/openvpn/options.c M src/openvpn/otime.c M src/openvpn/otime.h M src/openvpn/tun.h 7 files changed, 15 insertions(+), 8 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/30/1030/2 diff --git a/src/openvpn/buffer.c b/src/openvpn/buffer.c index fd81323..dd6044b 100644 --- a/src/openvpn/buffer.c +++ b/src/openvpn/buffer.c @@ -910,7 +910,8 @@ { return true; } - if ((flags & CC_PRINT) && (c >= 32 && c != 127)) /* allow ascii non-control and UTF-8, consider DEL to be a control */ + /* allow ascii non-control and UTF-8, consider DEL to be a control */ + if ((flags & CC_PRINT) && (c >= 32 && c != 127)) { return true; } diff --git a/src/openvpn/multi_io.c b/src/openvpn/multi_io.c index 2bce272..4854f4b 100644 --- a/src/openvpn/multi_io.c +++ b/src/openvpn/multi_io.c @@ -247,7 +247,8 @@ case TA_TUN_WRITE: looking_for = TUN_WRITE; tun_input_pending = NULL; - c->c2.timeval.tv_sec = 1; /* For some reason, the Linux 2.2 TUN/TAP driver hits this timeout */ + /* For some reason, the Linux 2.2 TUN/TAP driver hits this timeout */ + c->c2.timeval.tv_sec = 1; perf_push(PERF_PROC_OUT_TUN_MTCP); io_wait(c, IOW_TO_TUN); perf_pop(); 
diff --git a/src/openvpn/networking.h b/src/openvpn/networking.h index 6f5a6d6..0ba4963 100644 --- a/src/openvpn/networking.h +++ b/src/openvpn/networking.h @@ -302,7 +302,7 @@ int metric); /** - * Delete a route for an IPv4 address/network + * Delete a route for an IPv6 address/network * * @param ctx the implementation specific context * @param dst the destination of the route diff --git a/src/openvpn/options.c b/src/openvpn/options.c index b9708343..6ea01d4 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -8392,9 +8392,10 @@ VERIFY_PERMISSION(OPT_P_DHCPDNS); setenv_foreign_option(options, (const char **)p, 3, es); } - else if (streq(p[0], "route-method") && p[1] && !p[2]) /* ignore when pushed to non-Windows OS */ + else if (streq(p[0], "route-method") && p[1] && !p[2]) { VERIFY_PERMISSION(OPT_P_ROUTE_EXTRAS); + /* ignore when pushed to non-Windows OS */ } #endif /* ifdef _WIN32 */ #if PASSTOS_CAPABILITY diff --git a/src/openvpn/otime.c b/src/openvpn/otime.c index e604a28..d423067 100644 --- a/src/openvpn/otime.c +++ b/src/openvpn/otime.c @@ -44,8 +44,10 @@ void update_now(const time_t system_time) { - const int forward_threshold = 86400; /* threshold at which to dampen forward jumps */ - const int backward_trigger = 10; /* backward jump must be >= this many seconds before we adjust */ + /* threshold at which to dampen forward jumps */ + const int forward_threshold = 86400; + /* backward jump must be >= this many seconds before we adjust */ + const int backward_trigger = 10; time_t real_time = system_time + now_adj; if (real_time > now) diff --git a/src/openvpn/otime.h b/src/openvpn/otime.h index 5c3e86f..448389d 100644 --- a/src/openvpn/otime.h +++ b/src/openvpn/otime.h 
@@ -246,7 +246,8 @@ static inline bool tv_within_sigma(const struct timeval *t1, const struct timeval *t2, unsigned int sigma) { - const int delta = tv_subtract(t1, t2, TV_WITHIN_SIGMA_MAX_SEC); /* sigma should be less than 10 minutes */ + /* sigma should be less than 10 minutes */ + const int delta = tv_subtract(t1, t2, TV_WITHIN_SIGMA_MAX_SEC); return -(int)sigma <= delta && delta <= (int)sigma; } diff --git a/src/openvpn/tun.h b/src/openvpn/tun.h index ec0f4da..5407e47 100644 --- a/src/openvpn/tun.h +++ b/src/openvpn/tun.h @@ -212,7 +212,8 @@ #ifdef _WIN32 HANDLE hand; - OVERLAPPED dco_new_peer_ov; /* used for async NEW_PEER dco call, which might wait for TCP connect */ + /* used for async NEW_PEER dco call, which might wait for TCP connect */ + OVERLAPPED dco_new_peer_ov; struct overlapped_io reads; struct overlapped_io writes; struct rw_handle rw_handle; -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1030?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I83831060fdf5588a0ada8d6abbedc7ce3ded4182 Gerrit-Change-Number: 1030 Gerrit-PatchSet: 2 Gerrit-Owner: flichtenheld <fr...@li...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-MessageType: newpatchset |
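Review bot: The networking.h hunk changes what the doc comment says ("Delete a route for an IPv4 address/network" becomes "IPv6"), which is a content correction rather than a comment move, yet the commit subject only mentions badly placed comments. A line in the commit body naming this correction would let someone scanning the log find when the doc comment was fixed, and would keep the rest of the change verifiable as layout-only.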
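Review bot: In the options.c hunk the comment `/* ignore when pushed to non-Windows OS */` now trails `VERIFY_PERMISSION(OPT_P_ROUTE_EXTRAS);` as the last line of the block, where it reads as a remark on the macro instead of an explanation of why the "route-method" branch has no other statements. Placing it as the first line inside the braces would make it clear that the pushed option is permission-checked and then deliberately not acted on.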
From: cron2 (C. Review) <ge...@op...> - 2025-06-03 16:36:54
|
cron2 has submitted this change. ( http://gerrit.openvpn.net/c/openvpn/+/1030?usp=email ) Change subject: Fix various badly placed comments in preparation for reformat ...................................................................... Fix various badly placed comments in preparation for reformat Change-Id: I83831060fdf5588a0ada8d6abbedc7ce3ded4182 Signed-off-by: Frank Lichtenheld <fr...@li...> Acked-by: Gert Doering <ge...@gr...> Message-Id: <202...@gr...> URL: https://www.mail-archive.com/ope...@li.../msg31872.html Signed-off-by: Gert Doering <ge...@gr...> --- M src/openvpn/buffer.c M src/openvpn/multi_io.c M src/openvpn/networking.h M src/openvpn/options.c M src/openvpn/otime.c M src/openvpn/otime.h M src/openvpn/tun.h 7 files changed, 15 insertions(+), 8 deletions(-) diff --git a/src/openvpn/buffer.c b/src/openvpn/buffer.c index fd81323..dd6044b 100644 --- a/src/openvpn/buffer.c +++ b/src/openvpn/buffer.c @@ -910,7 +910,8 @@ { return true; } - if ((flags & CC_PRINT) && (c >= 32 && c != 127)) /* allow ascii non-control and UTF-8, consider DEL to be a control */ + /* allow ascii non-control and UTF-8, consider DEL to be a control */ + if ((flags & CC_PRINT) && (c >= 32 && c != 127)) { return true; } diff --git a/src/openvpn/multi_io.c b/src/openvpn/multi_io.c index 2bce272..4854f4b 100644 --- a/src/openvpn/multi_io.c +++ b/src/openvpn/multi_io.c @@ -247,7 +247,8 @@ case TA_TUN_WRITE: looking_for = TUN_WRITE; tun_input_pending = NULL; - c->c2.timeval.tv_sec = 1; /* For some reason, the Linux 2.2 TUN/TAP driver hits this timeout */ + /* For some reason, the Linux 2.2 TUN/TAP driver hits this timeout */ + c->c2.timeval.tv_sec = 1; perf_push(PERF_PROC_OUT_TUN_MTCP); io_wait(c, IOW_TO_TUN); perf_pop(); diff --git a/src/openvpn/networking.h b/src/openvpn/networking.h index 6f5a6d6..0ba4963 100644 --- a/src/openvpn/networking.h +++ b/src/openvpn/networking.h 
@@ -302,7 +302,7 @@ int metric); /** - * Delete a route for an IPv4 address/network + * Delete a route for an IPv6 address/network * * @param ctx the implementation specific context * @param dst the destination of the route diff --git a/src/openvpn/options.c b/src/openvpn/options.c index b9708343..6ea01d4 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -8392,9 +8392,10 @@ VERIFY_PERMISSION(OPT_P_DHCPDNS); setenv_foreign_option(options, (const char **)p, 3, es); } - else if (streq(p[0], "route-method") && p[1] && !p[2]) /* ignore when pushed to non-Windows OS */ + else if (streq(p[0], "route-method") && p[1] && !p[2]) { VERIFY_PERMISSION(OPT_P_ROUTE_EXTRAS); + /* ignore when pushed to non-Windows OS */ } #endif /* ifdef _WIN32 */ #if PASSTOS_CAPABILITY diff --git a/src/openvpn/otime.c b/src/openvpn/otime.c index e604a28..d423067 100644 --- a/src/openvpn/otime.c +++ b/src/openvpn/otime.c @@ -44,8 +44,10 @@ void update_now(const time_t system_time) { - const int forward_threshold = 86400; /* threshold at which to dampen forward jumps */ - const int backward_trigger = 10; /* backward jump must be >= this many seconds before we adjust */ + /* threshold at which to dampen forward jumps */ + const int forward_threshold = 86400; + /* backward jump must be >= this many seconds before we adjust */ + const int backward_trigger = 10; time_t real_time = system_time + now_adj; if (real_time > now) diff --git a/src/openvpn/otime.h b/src/openvpn/otime.h index 5c3e86f..448389d 100644 --- a/src/openvpn/otime.h +++ b/src/openvpn/otime.h @@ -246,7 +246,8 @@ static inline bool tv_within_sigma(const struct timeval *t1, const struct timeval *t2, unsigned int sigma) { - const int delta = tv_subtract(t1, t2, TV_WITHIN_SIGMA_MAX_SEC); /* sigma should be less than 10 minutes */ + /* sigma should be less than 10 minutes */ + const int delta = tv_subtract(t1, t2, TV_WITHIN_SIGMA_MAX_SEC); return -(int)sigma <= delta && delta <= (int)sigma; } 
diff --git a/src/openvpn/tun.h b/src/openvpn/tun.h index ec0f4da..5407e47 100644 --- a/src/openvpn/tun.h +++ b/src/openvpn/tun.h @@ -212,7 +212,8 @@ #ifdef _WIN32 HANDLE hand; - OVERLAPPED dco_new_peer_ov; /* used for async NEW_PEER dco call, which might wait for TCP connect */ + /* used for async NEW_PEER dco call, which might wait for TCP connect */ + OVERLAPPED dco_new_peer_ov; struct overlapped_io reads; struct overlapped_io writes; struct rw_handle rw_handle; -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1030?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I83831060fdf5588a0ada8d6abbedc7ce3ded4182 Gerrit-Change-Number: 1030 Gerrit-PatchSet: 2 Gerrit-Owner: flichtenheld <fr...@li...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-MessageType: merged |
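Review bot: In the otime.c hunk, the comment now sitting above `const int forward_threshold = 86400;` gives no unit, while the one above `backward_trigger = 10` says seconds. Since both comments get a line of their own here, the first could state its unit too (if it is seconds as well, 86400 is one day), so the two thresholds in update_now() read consistently.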
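Review bot: In the otime.h hunk, `/* sigma should be less than 10 minutes */` states a precondition on the `sigma` parameter of tv_within_sigma(), but after the move it sits directly above the `delta` declaration, and nothing in the visible lines enforces it. It would fit better in the function's doc comment, tied to TV_WITHIN_SIGMA_MAX_SEC, so callers see the limit without reading the body.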
From: Gert D. <ge...@gr...> - 2025-06-03 16:36:36
|
Only whitespace changes, but beyond what automatic tools will do (without making them reformat everything). One comment bugfix.

Your patch has been applied to the master branch.

commit 9cc7c68bd8d42b9e1c02fd3f069d404b5c056b57
Author: Frank Lichtenheld
Date: Tue Jun 3 18:30:34 2025 +0200

Fix various badly placed comments in preparation for reformat

Signed-off-by: Frank Lichtenheld <fr...@li...>
Acked-by: Gert Doering <ge...@gr...>
Message-Id: <202...@gr...>
URL: https://www.mail-archive.com/ope...@li.../msg31872.html
Signed-off-by: Gert Doering <ge...@gr...>

--
kind regards,

Gert Doering |
From: Gert D. <ge...@gr...> - 2025-06-03 16:30:49
|
From: Frank Lichtenheld <fr...@li...> Change-Id: I83831060fdf5588a0ada8d6abbedc7ce3ded4182 Signed-off-by: Frank Lichtenheld <fr...@li...> Acked-by: Gert Doering <ge...@gr...> --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1030 This mail reflects revision 1 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering <ge...@gr...> diff --git a/src/openvpn/buffer.c b/src/openvpn/buffer.c index b2a5bf5..4b83eeb 100644 --- a/src/openvpn/buffer.c +++ b/src/openvpn/buffer.c @@ -910,7 +910,8 @@ { return true; } - if ((flags & CC_PRINT) && (c >= 32 && c != 127)) /* allow ascii non-control and UTF-8, consider DEL to be a control */ + /* allow ascii non-control and UTF-8, consider DEL to be a control */ + if ((flags & CC_PRINT) && (c >= 32 && c != 127)) { return true; } diff --git a/src/openvpn/multi_io.c b/src/openvpn/multi_io.c index 7f47319..6ab06bb 100644 --- a/src/openvpn/multi_io.c +++ b/src/openvpn/multi_io.c @@ -247,7 +247,8 @@ case TA_TUN_WRITE: looking_for = TUN_WRITE; tun_input_pending = NULL; - c->c2.timeval.tv_sec = 1; /* For some reason, the Linux 2.2 TUN/TAP driver hits this timeout */ + /* For some reason, the Linux 2.2 TUN/TAP driver hits this timeout */ + c->c2.timeval.tv_sec = 1; perf_push(PERF_PROC_OUT_TUN_MTCP); io_wait(c, IOW_TO_TUN); perf_pop(); diff --git a/src/openvpn/networking.h b/src/openvpn/networking.h index f06d6df..d9aca1e 100644 --- a/src/openvpn/networking.h +++ b/src/openvpn/networking.h @@ -302,7 +302,7 @@ int metric); /** - * Delete a route for an IPv4 address/network + * Delete a route for an IPv6 address/network * * @param ctx the implementation specific context * @param dst the destination of the route diff --git a/src/openvpn/options.c b/src/openvpn/options.c index bcc18a5..4528edd 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c 
@@ -8398,9 +8398,10 @@ VERIFY_PERMISSION(OPT_P_DHCPDNS); setenv_foreign_option(options, (const char **)p, 3, es); } - else if (streq(p[0], "route-method") && p[1] && !p[2]) /* ignore when pushed to non-Windows OS */ + else if (streq(p[0], "route-method") && p[1] && !p[2]) { VERIFY_PERMISSION(OPT_P_ROUTE_EXTRAS); + /* ignore when pushed to non-Windows OS */ } #endif /* ifdef _WIN32 */ #if PASSTOS_CAPABILITY diff --git a/src/openvpn/otime.c b/src/openvpn/otime.c index d77c99e..7a362e0 100644 --- a/src/openvpn/otime.c +++ b/src/openvpn/otime.c @@ -44,8 +44,10 @@ void update_now(const time_t system_time) { - const int forward_threshold = 86400; /* threshold at which to dampen forward jumps */ - const int backward_trigger = 10; /* backward jump must be >= this many seconds before we adjust */ + /* threshold at which to dampen forward jumps */ + const int forward_threshold = 86400; + /* backward jump must be >= this many seconds before we adjust */ + const int backward_trigger = 10; time_t real_time = system_time + now_adj; if (real_time > now) diff --git a/src/openvpn/otime.h b/src/openvpn/otime.h index 9543732..04aa5c6 100644 --- a/src/openvpn/otime.h +++ b/src/openvpn/otime.h @@ -246,7 +246,8 @@ static inline bool tv_within_sigma(const struct timeval *t1, const struct timeval *t2, unsigned int sigma) { - const int delta = tv_subtract(t1, t2, TV_WITHIN_SIGMA_MAX_SEC); /* sigma should be less than 10 minutes */ + /* sigma should be less than 10 minutes */ + const int delta = tv_subtract(t1, t2, TV_WITHIN_SIGMA_MAX_SEC); return -(int)sigma <= delta && delta <= (int)sigma; } diff --git a/src/openvpn/tun.h b/src/openvpn/tun.h index de1876a..379a31a 100644 --- a/src/openvpn/tun.h +++ b/src/openvpn/tun.h 
@@ -212,7 +212,8 @@ #ifdef _WIN32 HANDLE hand; - OVERLAPPED dco_new_peer_ov; /* used for async NEW_PEER dco call, which might wait for TCP connect */ + /* used for async NEW_PEER dco call, which might wait for TCP connect */ + OVERLAPPED dco_new_peer_ov; struct overlapped_io reads; struct overlapped_io writes; struct rw_handle rw_handle; |
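Review bot: In the buffer.c hunk, the relocated comment says the CC_PRINT test allows "ascii non-control and UTF-8", but the condition `c >= 32 && c != 127` only excludes values below 32 and DEL; it does not check that higher values form valid UTF-8. Now that the comment has a line to itself, it could say that values above 127 are passed through unvalidated, so readers do not take CC_PRINT for a UTF-8 validity check.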
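Review bot: In the multi_io.c hunk, the moved comment refers to "this timeout" and to the Linux 2.2 TUN/TAP driver without saying which wait the one-second value applies to or whether the workaround is still needed. With the comment now above `c->c2.timeval.tv_sec = 1;`, it could name the wait it bounds (presumably the `io_wait(c, IOW_TO_TUN)` two lines below), or a follow-up could check whether the workaround can be dropped.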
From: cron2 (C. Review) <ge...@op...> - 2025-06-03 16:30:40
|
Attention is currently required from: flichtenheld, plaisthos.

cron2 has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1030?usp=email )

Change subject: Fix various badly placed comments in preparation for reformat
......................................................................

Patch Set 1: Code-Review+2

--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1030?usp=email
To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I83831060fdf5588a0ada8d6abbedc7ce3ded4182
Gerrit-Change-Number: 1030
Gerrit-PatchSet: 1
Gerrit-Owner: flichtenheld <fr...@li...>
Gerrit-Reviewer: cron2 <ge...@gr...>
Gerrit-Reviewer: plaisthos <arn...@rf...>
Gerrit-CC: openvpn-devel <ope...@li...>
Gerrit-Attention: plaisthos <arn...@rf...>
Gerrit-Attention: flichtenheld <fr...@li...>
Gerrit-Comment-Date: Tue, 03 Jun 2025 16:30:25 +0000
Gerrit-HasComments: No
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment |
From: cron2 (C. Review) <ge...@op...> - 2025-06-03 14:26:51
|
cron2 has submitted this change. ( http://gerrit.openvpn.net/c/openvpn/+/1038?usp=email ) Change subject: t_server_null: Test different permutations of --dh ...................................................................... t_server_null: Test different permutations of --dh Do not include --dh by default, since we do not actually need it. Use the different servers for different ways of specifying it. Change-Id: I480442a55025bfcce7cb68ec7564ff33b0b780e2 Signed-off-by: Frank Lichtenheld <fr...@li...> Acked-by: Gert Doering <ge...@gr...> Message-Id: <202...@gr...> URL: https://www.mail-archive.com/ope...@li.../msg31868.html Signed-off-by: Gert Doering <ge...@gr...> --- M tests/t_server_null_default.rc 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/t_server_null_default.rc b/tests/t_server_null_default.rc index ca8004a..365b5a8 100755 --- a/tests/t_server_null_default.rc +++ b/tests/t_server_null_default.rc @@ -40,7 +40,7 @@ SERVER_EXEC="${top_builddir}/src/openvpn/openvpn" SERVER_BASE_OPTS="--daemon --local 127.0.0.1 --dev tun --topology subnet --max-clients $MAX_CLIENTS --persist-tun --verb 3 --duplicate-cn" SERVER_CIPHER_OPTS="" -SERVER_CERT_OPTS="--ca ${CA} --dh ${DH} --cert ${SERVER_CERT} --key ${SERVER_KEY} --tls-auth ${TA} 0" +SERVER_CERT_OPTS="--ca ${CA} --cert ${SERVER_CERT} --key ${SERVER_KEY} --tls-auth ${TA} 0" SERVER_CONF_BASE="${SERVER_BASE_OPTS} ${SERVER_CIPHER_OPTS} ${SERVER_CERT_OPTS}" TEST_SERVER_LIST="1 2 3" 
@@ -55,13 +55,13 @@ SERVER_SERVER_2="--server 10.29.42.0 255.255.255.0" SERVER_MGMT_PORT_2="11195" SERVER_EXEC_2="${SERVER_EXEC}" -SERVER_CONF_2="${SERVER_CONF_BASE} ${SERVER_SERVER_2} --lport 1195 --proto tcp --management 127.0.0.1 ${SERVER_MGMT_PORT_2}" +SERVER_CONF_2="${SERVER_CONF_BASE} ${SERVER_SERVER_2} --lport 1195 --proto tcp --management 127.0.0.1 ${SERVER_MGMT_PORT_2} --dh ${DH}" SERVER_NAME_3="t_server_null_server-1196_udp" SERVER_SERVER_3="--server 10.29.43.0 255.255.255.0" SERVER_MGMT_PORT_3="11196" SERVER_EXEC_3="${SERVER_EXEC}" -SERVER_CONF_3="${SERVER_CONF_BASE} ${SERVER_SERVER_3} --lport 1196 --proto udp --management 127.0.0.1 ${SERVER_MGMT_PORT_3} --cipher AES-192-CBC --data-ciphers DEFAULT:AES-192-CBC" +SERVER_CONF_3="${SERVER_CONF_BASE} ${SERVER_SERVER_3} --lport 1196 --proto udp --management 127.0.0.1 ${SERVER_MGMT_PORT_3} --dh none --cipher AES-192-CBC --data-ciphers DEFAULT:AES-192-CBC" # Test client configurations CLIENT_EXEC="${top_builddir}/src/openvpn/openvpn" -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1038?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I480442a55025bfcce7cb68ec7564ff33b0b780e2 Gerrit-Change-Number: 1038 Gerrit-PatchSet: 3 Gerrit-Owner: flichtenheld <fr...@li...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-MessageType: merged |
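Review bot: In the first hunk, dropping `--dh ${DH}` from SERVER_CERT_OPTS means every server built from SERVER_CONF_BASE runs without any --dh option unless its own SERVER_CONF_n adds one, and the visible lines add one only for servers 2 and 3. A short comment next to SERVER_CERT_OPTS saying that the omission is intentional, and which server covers the "no --dh at all" case (presumably server 1, whose SERVER_CONF_1 is not shown here), would keep someone from re-adding it to the base options later.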
From: cron2 (C. Review) <ge...@op...> - 2025-06-03 14:26:50
|
cron2 has uploaded a new patch set (#3) to the change originally created by flichtenheld. ( http://gerrit.openvpn.net/c/openvpn/+/1038?usp=email ) The following approvals got outdated and were removed: Code-Review+2 by cron2 Change subject: t_server_null: Test different permutations of --dh ...................................................................... t_server_null: Test different permutations of --dh Do not include --dh by default, since we do not actually need it. Use the different servers for different ways of specifying it. Change-Id: I480442a55025bfcce7cb68ec7564ff33b0b780e2 Signed-off-by: Frank Lichtenheld <fr...@li...> Acked-by: Gert Doering <ge...@gr...> Message-Id: <202...@gr...> URL: https://www.mail-archive.com/ope...@li.../msg31868.html Signed-off-by: Gert Doering <ge...@gr...> --- M tests/t_server_null_default.rc 1 file changed, 3 insertions(+), 3 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/38/1038/3 diff --git a/tests/t_server_null_default.rc b/tests/t_server_null_default.rc index ca8004a..365b5a8 100755 --- a/tests/t_server_null_default.rc +++ b/tests/t_server_null_default.rc @@ -40,7 +40,7 @@ SERVER_EXEC="${top_builddir}/src/openvpn/openvpn" SERVER_BASE_OPTS="--daemon --local 127.0.0.1 --dev tun --topology subnet --max-clients $MAX_CLIENTS --persist-tun --verb 3 --duplicate-cn" SERVER_CIPHER_OPTS="" -SERVER_CERT_OPTS="--ca ${CA} --dh ${DH} --cert ${SERVER_CERT} --key ${SERVER_KEY} --tls-auth ${TA} 0" +SERVER_CERT_OPTS="--ca ${CA} --cert ${SERVER_CERT} --key ${SERVER_KEY} --tls-auth ${TA} 0" SERVER_CONF_BASE="${SERVER_BASE_OPTS} ${SERVER_CIPHER_OPTS} ${SERVER_CERT_OPTS}" TEST_SERVER_LIST="1 2 3" 
@@ -55,13 +55,13 @@ SERVER_SERVER_2="--server 10.29.42.0 255.255.255.0" SERVER_MGMT_PORT_2="11195" SERVER_EXEC_2="${SERVER_EXEC}" -SERVER_CONF_2="${SERVER_CONF_BASE} ${SERVER_SERVER_2} --lport 1195 --proto tcp --management 127.0.0.1 ${SERVER_MGMT_PORT_2}" +SERVER_CONF_2="${SERVER_CONF_BASE} ${SERVER_SERVER_2} --lport 1195 --proto tcp --management 127.0.0.1 ${SERVER_MGMT_PORT_2} --dh ${DH}" SERVER_NAME_3="t_server_null_server-1196_udp" SERVER_SERVER_3="--server 10.29.43.0 255.255.255.0" SERVER_MGMT_PORT_3="11196" SERVER_EXEC_3="${SERVER_EXEC}" -SERVER_CONF_3="${SERVER_CONF_BASE} ${SERVER_SERVER_3} --lport 1196 --proto udp --management 127.0.0.1 ${SERVER_MGMT_PORT_3} --cipher AES-192-CBC --data-ciphers DEFAULT:AES-192-CBC" +SERVER_CONF_3="${SERVER_CONF_BASE} ${SERVER_SERVER_3} --lport 1196 --proto udp --management 127.0.0.1 ${SERVER_MGMT_PORT_3} --dh none --cipher AES-192-CBC --data-ciphers DEFAULT:AES-192-CBC" # Test client configurations CLIENT_EXEC="${top_builddir}/src/openvpn/openvpn" -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1038?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I480442a55025bfcce7cb68ec7564ff33b0b780e2 Gerrit-Change-Number: 1038 Gerrit-PatchSet: 3 Gerrit-Owner: flichtenheld <fr...@li...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-MessageType: newpatchset |
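Review bot: In the second hunk, each --dh variant is tied to a server that also differs in other ways: `--dh ${DH}` is exercised only on the tcp server (SERVER_CONF_2) and `--dh none` only on the udp server that also sets `--cipher AES-192-CBC --data-ciphers DEFAULT:AES-192-CBC`. A failure on server 3 therefore cannot be attributed to `--dh none` without further digging; a one-line comment above each SERVER_CONF_n naming the --dh variant it covers would document the test matrix and make such failures quicker to triage.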