Message ID | 20240206141057.46249-1-frank@lichtenheld.com |
---|---|
State | Accepted |
Headers | show |
Series | [Openvpn-devel] documentation: Update and fix documentation for --push-peer-info | expand |
Am 06.02.24 um 15:10 schrieb Frank Lichtenheld: > - description of IV_PROTO was outdated, missing a lot > of flags > - complete list of compression flags, but separate them out > - various other style/grammar/typo fixes > > Change-Id: I7f854a5a14d2a2a391ebb78a2a92b3e14cfd8be6 > Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> > --- > doc/man-sections/client-options.rst | 44 ++++++++++++++++++++--------- > 1 file changed, 31 insertions(+), 13 deletions(-) > > This patch should be applied to release/2.6 and master. > > diff --git a/doc/man-sections/client-options.rst b/doc/man-sections/client-options.rst > index 54c4ec63..cd3e565f 100644 > --- a/doc/man-sections/client-options.rst > +++ b/doc/man-sections/client-options.rst > @@ -339,31 +339,31 @@ configuration. > :code:`IV_PLAT=[linux|solaris|openbsd|mac|netbsd|freebsd|win]` > The client OS platform > > - :code:`IV_LZO_STUB=1` > - If client was built with LZO stub capability > - > - :code:`IV_LZ4=1` > - If the client supports LZ4 compressions. > - > :code:`IV_PROTO` > Details about protocol extensions that the peer supports. The > - variable is a bitfield and the bits are defined as follows > - (starting a bit 0 for the first (unused) bit: > + variable is a bitfield and the bits are defined as follows: > > + - bit 0: Reserved, should always be zero > - bit 1: The peer supports peer-id floating mechanism > - bit 2: The client expects a push-reply and the server may > send this reply without waiting for a push-request first. > - bit 3: The client is capable of doing key derivation using > RFC5705 key material exporter. > - bit 4: The client is capable of accepting additional arguments > - to the `AUTH_PENDING` message. > + to the ``AUTH_PENDING`` message. > + - bit 5: The client supports doing feature negotiation in P2P mode > + - bit 6: The client is capable of parsing and receiving the ``--dns`` pushed option > + - bit 7: The client is capable of sending exit notification via control channel using ``EXIT`` message. Also, the client is accepting the protocol-flags pushed option for the EKM capability > + - bit 8: The client is capable of accepting ``AUTH_FAILED,TEMP`` messages > + - bit 9: The client is capable of dynamic tls-crypt > > + :code:`IV_COMP_STUB=1` and :code:`IV_COMP_STUBv2=1` > + If the client supports stub compression. > + Maybe add a note that IV_COMP_STUB and IV_LZO_STUB are *not* identical or compatible. (byte swap) > > :code:`IV_PLAT_VER=x.y` > The version of the operating system, e.g. 6.1 for Windows 7. > + This is only sent on Windows operating systems. This is wrong. My android client also send this as setenv IV_PLAT_VER is allowed. And openvpn3 based clients also send this iirc. Arne
Your patch has been applied to the master branch. commit b66d545ce25689588c4dbd1fb525204c78871ed0 (master) commit 18fb30f7ad292f166805138c0ec3c2c920090364 (release/2.6) Author: Frank Lichtenheld Date: Tue Feb 6 15:10:57 2024 +0100 documentation: Update and fix documentation for --push-peer-info Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: <20240206141057.46249-1-frank@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28178.html Signed-off-by: Gert Doering <gert@greenie.muc.de> -- kind regards, Gert Doering
Hi, On Tue, Feb 06, 2024 at 04:33:44PM +0100, Gert Doering wrote: > Your patch has been applied to the master branch. > > commit b66d545ce25689588c4dbd1fb525204c78871ed0 (master) > commit 18fb30f7ad292f166805138c0ec3c2c920090364 (release/2.6) > Author: Frank Lichtenheld > Date: Tue Feb 6 15:10:57 2024 +0100 > > documentation: Update and fix documentation for --push-peer-info > > Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> > Acked-by: Arne Schwabe <arne@rfc2549.org> Actually Arne did NOT ACK it yet, to the contrary, parts of the change are incorrect. Apologies - my fault, I did not check this as thoroughly as I do for code changes. gert
diff --git a/doc/man-sections/client-options.rst b/doc/man-sections/client-options.rst index 54c4ec63..cd3e565f 100644 --- a/doc/man-sections/client-options.rst +++ b/doc/man-sections/client-options.rst @@ -339,31 +339,31 @@ configuration. :code:`IV_PLAT=[linux|solaris|openbsd|mac|netbsd|freebsd|win]` The client OS platform - :code:`IV_LZO_STUB=1` - If client was built with LZO stub capability - - :code:`IV_LZ4=1` - If the client supports LZ4 compressions. - :code:`IV_PROTO` Details about protocol extensions that the peer supports. The - variable is a bitfield and the bits are defined as follows - (starting a bit 0 for the first (unused) bit: + variable is a bitfield and the bits are defined as follows: + - bit 0: Reserved, should always be zero - bit 1: The peer supports peer-id floating mechanism - bit 2: The client expects a push-reply and the server may send this reply without waiting for a push-request first. - bit 3: The client is capable of doing key derivation using RFC5705 key material exporter. - bit 4: The client is capable of accepting additional arguments - to the `AUTH_PENDING` message. + to the ``AUTH_PENDING`` message. + - bit 5: The client supports doing feature negotiation in P2P mode + - bit 6: The client is capable of parsing and receiving the ``--dns`` pushed option + - bit 7: The client is capable of sending exit notification via control channel using ``EXIT`` message. Also, the client is accepting the protocol-flags pushed option for the EKM capability + - bit 8: The client is capable of accepting ``AUTH_FAILED,TEMP`` messages + - bit 9: The client is capable of dynamic tls-crypt :code:`IV_NCP=2` Negotiable ciphers, client supports ``--cipher`` pushed by the server, a value of 2 or greater indicates client supports - *AES-GCM-128* and *AES-GCM-256*. + *AES-GCM-128* and *AES-GCM-256*. IV_NCP is *deprecated* in + favor of ``IV_CIPHERS``. - :code:`IV_CIPHERS=<ncp-ciphers>` + :code:`IV_CIPHERS=<data-ciphers>` The client announces the list of supported ciphers configured with the ``--data-ciphers`` option to the server. @@ -379,6 +379,23 @@ configuration. Additional authentication methods supported by the client. This may be set by the client UI/GUI using ``--setenv`` + The following flags depend on which compression formats are compiled in + and whether compression is allowed by options. See `Protocol options`_ + for more details. + + :code:`IV_LZO=1` + If client supports LZO compression. + + :code:`IV_LZO_STUB=1` + If client was built with LZO stub capability. This is only sent if + ``IV_LZO=1`` is not sent. + + :code:`IV_LZ4=1` and :code:`IV_LZ4v2=1` + If the client supports LZ4 compression. + + :code:`IV_COMP_STUB=1` and :code:`IV_COMP_STUBv2=1` + If the client supports stub compression. + When ``--push-peer-info`` is enabled the additional information consists of the following data: @@ -388,15 +405,16 @@ configuration. OpenVPN 2.x and some other implementations use the MAC address of the client's interface used to reach the default gateway. If this string is generated by the client, it should be consistent and - preserved across independent session and preferably + preserved across independent sessions and preferably re-installations and upgrades. :code:`IV_SSL=<version string>` - The ssl version used by the client, e.g. + The ssl library version used by the client, e.g. :code:`OpenSSL 1.0.2f 28 Jan 2016`. :code:`IV_PLAT_VER=x.y` The version of the operating system, e.g. 6.1 for Windows 7. + This is only sent on Windows operating systems. :code:`UV_<name>=<value>` Client environment variables whose names start with
- description of IV_PROTO was outdated, missing a lot of flags - complete list of compression flags, but separate them out - various other style/grammar/typo fixes Change-Id: I7f854a5a14d2a2a391ebb78a2a92b3e14cfd8be6 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> --- doc/man-sections/client-options.rst | 44 ++++++++++++++++++++--------- 1 file changed, 31 insertions(+), 13 deletions(-) This patch should be applied to release/2.6 and master.