path: root/src/openvpn/openvpn.h
* Send push reply right after async auth complete (Lev Stipakov, 2015-10-11, 1 file changed, +10/-0)

    v3:
    * better comments
    * better variable naming
    * include sys/inotify.h if HAVE_SYS_INOTIFY_H is defined

    v2: More careful inotify_watchers handling
    * Ensure that same multi_instance is added only once
    * Ensure that multi_instance is always removed

    v1:
    This feature speeds up connection establishment in cases when async
    authentication result is not ready when first push request arrives.
    At the moment server sends push reply only when it receives next push
    request, which comes 5 seconds later.

    Implementation overview.

    Add new configure option ENABLE_ASYNC_PUSH, which can be enabled if
    system supports inotify. Add inotify descriptor to an event loop. Add
    inotify watch for an authentication control file. Store mapping between
    watch descriptor and multi_instance in a dictionary. When file is
    closed, inotify fires an event and we continue with connection
    establishment - call client-connect etc and send push reply. Inotify
    watch descriptor gets automatically deleted after file is closed or
    when file is removed. We catch that event and remove it from the
    dictionary.

    Feature is easily tested with sample "defer" plugin and following
    settings:

    auth-user-pass-optional
    setenv test_deferred_auth 3
    plugin simple.so

    Signed-off-by: Lev Stipakov <lstipakov@gmail.com>

    Add doxygen comment

    Acked-by: David Sommerseth <davids@redhat.com>
    Message-Id: <1444493065-13506-1-git-send-email-lstipakov@gmail.com>
    URL: http://article.gmane.org/gmane.network.openvpn.devel/10248
    Signed-off-by: David Sommerseth <davids@redhat.com>
* Remove #ifdefs for client nat support. (Arne Schwabe, 2015-09-15, 1 file changed, +0/-2)

    The client-nat feature was always unconditionally enabled

    Acked-by: Gert Doering <gert@greenie.muc.de>
    Message-Id: <1442309019-7586-3-git-send-email-arne@rfc2549.org>
    URL: http://article.gmane.org/gmane.network.openvpn.devel/10109
    Signed-off-by: Gert Doering <gert@greenie.muc.de>
* reintroduce md5_digest wrapper struct to fix gcc warnings (Steffan Karger, 2015-07-27, 1 file changed, +2/-2)

    I was wrong to assume that adding the const qualifier to the
    pointer-to-fixed-size-array construction used in
    options_hash_changed_or_zero() was allowed. GCC actually warns about
    this, but I was using clang and clang seems to be fine with the
    construction.

    To make GCC happy too, reintroduce the md5_digest wrapped struct, and
    use that when passing around the digest.

    This reverts the "struct md5_digest" parts of 827de237860813d2859a,
    but keeps the rest.

    Signed-off-by: Steffan Karger <steffan@karger.me>
    Acked-by: Gert Doering <gert@greenie.muc.de>
    Message-Id: <1437910039-30101-1-git-send-email-steffan@karger.me>
    URL: http://article.gmane.org/gmane.network.openvpn.devel/9949
    Signed-off-by: Gert Doering <gert@greenie.muc.de>
* write pid file immediately after daemonizing (Steffan Karger, 2015-06-21, 1 file changed, +0/-3)

    Since we split daemonizing from changing directory in commit da9b292
    (f025de005d719201a69ad0313d545a1ddd244752 in release/2.3), we can now
    simply write the pid file immediately after daemonizing. This not only
    fixes the bug reported in trac #563, but also further simplifies the
    code.

    trac #563

    Signed-off-by: Steffan Karger <steffan@karger.me>
    Acked-by: Gert Doering <gert@greenie.muc.de>
    Message-Id: <1434665325-3225-1-git-send-email-steffan@karger.me>
    URL: http://article.gmane.org/gmane.network.openvpn.devel/9793
    Signed-off-by: Gert Doering <gert@greenie.muc.de>
* cleanup: remove md5 helper functions (Steffan Karger, 2015-05-23, 1 file changed, +3/-3)

    The MD5 wrapper functions were used in just a few places, which imho is
    not worth the extra code. Instead of using these wrappers, just use the
    generic md_ctx_*() functions directly.

    The md5sum() function was only used for logging information that was
    not useful to a user; first the full options string would be printed,
    and later just the hash. That hash is less informative than the full
    string, so why print it at all?

    Finally, also removed save_pulled_options_digest(). The two times it
    was called, it executed either one of the possible branches in the
    function, where one of these needed a comment to explain what passing
    NULL as newdigest is supposed to do...

    Signed-off-by: Steffan Karger <steffan@karger.me>
    Acked-by: Gert Doering <gert@greenie.muc.de>
    Message-Id: <1430665631-4022-1-git-send-email-steffan@karger.me>
    URL: http://article.gmane.org/gmane.network.openvpn.devel/9642
    Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Remove ENABLE_SSL define (and --disable-ssl configure option) (Steffan Karger, 2014-12-31, 1 file changed, +1/-8)

    Remove the --disable-ssl configure option and accompanying ENABLE_SSL
    defines in the master/2.4 branch, to reduce the code and testing
    complexity a bit. This does not remove the runtime option to run
    without SSL, just the compile time option to not include any
    SSL-related code.

    During the community meeting in November 2014 there were no objections
    amongst the developers present. Also, this has been announced on the
    -users and -devel mailing lists two weeks ago, without any response
    whatsoever.

    Signed-off-by: Steffan Karger <steffan@karger.me>
    Acked-by: Gert Doering <gert@greenie.muc.de>
    Message-Id: <54A4248A.1090501@karger.me>
    URL: http://article.gmane.org/gmane.network.openvpn.devel/9371
    Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Always enable http-proxy and socks-proxy (Arne Schwabe, 2014-07-18, 1 file changed, +0/-4)

    Acked-by: Gert Doering <gert@greenie.muc.de>
    Message-Id: <1404735142-31420-2-git-send-email-arne@rfc2549.org>
    URL: http://article.gmane.org/gmane.network.openvpn.devel/8840
    Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Introduce an option to resolve dns names in advance for --remote, --local and --http-proxy (Arne Schwabe, 2014-03-23, 1 file changed, +3/-0)

    Also introduce x_gc_addspeical function that allows to add objects
    with a custom free function to the gc.

    Some additional addrinfo cleanup

    Acked-by: Gert Doering <gert@greenie.muc.de>
    Message-Id: <1395576786-17507-1-git-send-email-arne@rfc2549.org>
    URL: http://article.gmane.org/gmane.network.openvpn.devel/8386
    Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Added support for the Snappy compression algorithm (James Yonan, 2013-05-19, 1 file changed, +8/-8)

    Added support for the Snappy compression algorithm which has shown to
    have considerably better compression speed than LZO at a comparable
    compression ratio.

    To enable Snappy add:

    compress snappy

    to both client and server config files.

    Alternatively, enable compression framing on the client:

    compress

    and have the server selectively push "compress snappy" to the client.

    This change also extends the client capability handshake to include
    IV_SNAPPY so the server can be aware that a connecting client supports
    Snappy.

    Note that the Snappy implementation also includes an improved framing
    approach where the first byte of the compressed payload is replaced by
    the compression control byte (the first payload byte is moved to the
    end of the packet). This solves off-by-one alignment issues, which
    improves performance on ARM.

    By default, the configure script will try to build with Snappy support.
    To disable, use the --disable-snappy option.

    The --enable-lzo-stub configure directive is now --enable-comp-stub
    (because it's not actually "lzo" but "compression-enabled packet
    framing")

    Add compression overhead to extra buffer unconditionally, as long as
    USE_COMP is defined.

    OpenVPN SVN r8206 (2.1.21a) and r8212 (2.1.21b)

    Signed-off-by: Gert Doering <gert@greenie.muc.de>
    Acked-by: Arne Schwabe <arne@rfc2549.org>
    Message-Id: <1366393268-27392-3-git-send-email-gert@greenie.muc.de>
    URL: http://article.gmane.org/gmane.network.openvpn.devel/7531
    Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Fix client crash on double PUSH_REPLY. (Gert Doering, 2013-01-02, 1 file changed, +1/-0)

    Introduce an extra bool variable c2.pulled_options_md5_init_done to
    keep track of md5_init state of pulled_options_state - avoid accessing
    uninitialized state when a second PUSH_REPLY comes in (which only
    happens under very particular circumstances).

    Bug tracked down by Arne Schwabe <arne@rfc2549.rrg>.

    Signed-off-by: Gert Doering <gert@greenie.muc.de>
    Acked-by: Arne Schwabe <arne@rfc2549.org>
    Message-Id: 20121225124856.GT22465@greenie.muc.de
    URL: http://article.gmane.org/gmane.network.openvpn.devel/7216
    Signed-off-by: David Sommerseth <davids@redhat.com>
* Fix reconnect issues when --push and UDP is used on the server (David Sommerseth, 2012-09-11, 1 file changed, +1/-1)

    When the server is configured with UDP and --push statements,
    reconnecting often fails by the client never receiving PUSH_REPLY. The
    client sends PUSH_REQUEST and the server logs these requests but does
    not send them.

    This bug got introduced in commit ff65da3a230b658b2c1d52dc1a48612e80a2eb42
    which tries to avoid sending duplicated PUSH messages if the
    client/server connection is slow. This patch keeps this behaviour, but
    instead of a session wide PUSH_REPLY block it sets an expiry time for
    the PUSH_REPLY block. The expiry time is set to 30 seconds.

    Signed-off-by: David Sommerseth <davids@redhat.com>
    Cc: James Yonan <james@openvpn.net>
    Acked-by: Gert Doering <gert@greenie.muc.de>
    Acked-by: James Yonan <james@openvpn.net>
    Message-Id: 1347154246-20143-1-git-send-email-dazo@users.sourceforge.net
    URL: http://article.gmane.org/gmane.network.openvpn.devel/7044
* build: move wrappers into platform module (Alon Bar-Lev, 2012-03-24, 1 file changed, +2/-2)

    + Some fixups within the platform.c functions.
    - need to check environment set on Windows.

    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
    Acked-by: Gert Doering <gert@greenie.muc.de>
    Signed-off-by: David Sommerseth <davids@redhat.com>
* build: move gettimeofday() emulation to compat (Alon Bar-Lev, 2012-03-22, 1 file changed, +1/-1)

    Remove all references to gettimeofday() from main project.

    SIDE EFFECT: mingw will use its own internal gettimeofday().

    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
    Acked-by: David Sommerseth <davids@redhat.com>
    Signed-off-by: David Sommerseth <davids@redhat.com>
* build: proper crypto detection and usage (Alon Bar-Lev, 2012-03-22, 1 file changed, +13/-13)

    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
    Acked-by: Adriaan de Jong <dejong@fox-it.com>
    Signed-off-by: David Sommerseth <davids@redhat.com>
* build: proper lzo detection and usage (Alon Bar-Lev, 2012-03-22, 1 file changed, +2/-2)

    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
    Acked-by: Adriaan de Jong <dejong@fox-it.com>
    Acked-by: David Sommerseth <davids@redhat.com>
    Signed-off-by: David Sommerseth <davids@redhat.com>
* build: standard directory layout (Alon Bar-Lev, 2012-03-22, 1 file changed, +594/-0)

    Suitable for mature project.

    root   - administrative stuff
    doc    - documents
    src    - sources
    tests  - tests
    distro - distro specific files
    sample - samples

    SIDE EFFECT: many changes to rpm spec.

    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
    Acked-by: Adriaan de Jong <dejong@fox-it.com>
    Signed-off-by: David Sommerseth <davids@redhat.com>