From patchwork Mon May 5 10:54:43 2025
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 4234
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Mon, 5 May 2025 12:54:43 +0200
Message-ID: <20250505105449.18826-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH v16] Manually reformat some long trailing comments

From: Frank Lichtenheld

When trying to reformat the code with a formatter that actually checks
line-lengths, these never come out nice otherwise.

Change-Id: I7f0ba2261b61f6eed511cbd8bb2e880d774d1365
Signed-off-by: Frank Lichtenheld
Acked-by: Gert Doering
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/792
This mail reflects revision 16 of this Change.

Acked-by according to Gerrit (reflected above):
Gert Doering

diff --git a/sample/sample-plugins/simple/base64.c b/sample/sample-plugins/simple/base64.c index 291f9e1..3a09eb5 100644 --- a/sample/sample-plugins/simple/base64.c +++ b/sample/sample-plugins/simple/base64.c @@ -31,10 +31,14 @@ #define PLUGIN_NAME "base64.c" /* Exported plug-in v3 API functions */ -plugin_log_t ovpn_log = NULL; /**< Pointer to the OpenVPN log function. See plugin_log() */ -plugin_vlog_t ovpn_vlog = NULL; /**< Pointer to the OpenVPN vlog function. See plugin_vlog() */ -plugin_base64_encode_t ovpn_base64_encode = NULL; /**< Pointer to the openvpn_base64_encode () function */ -plugin_base64_decode_t ovpn_base64_decode = NULL; /**< Pointer to the openvpn_base64_decode () function */ +/** Pointer to the OpenVPN log function. See plugin_log() */ +plugin_log_t ovpn_log = NULL; +/** Pointer to the OpenVPN vlog function. See plugin_vlog() */ +plugin_vlog_t ovpn_vlog = NULL; +/** Pointer to the openvpn_base64_encode () function */ +plugin_base64_encode_t ovpn_base64_encode = NULL; +/** Pointer to the openvpn_base64_decode () function */ +plugin_base64_decode_t ovpn_base64_decode = NULL; /** * Search the environment pointer for a specific env var name diff --git a/src/openvpn/comp.h b/src/openvpn/comp.h index 7eed331..f9f9598 100644 --- a/src/openvpn/comp.h +++ b/src/openvpn/comp.h 
@@ -36,20 +36,27 @@ #define COMP_F_ADAPTIVE (1<<0) / * COMP_ALG_LZO only * / #define COMP_F_ALLOW_COMPRESS (1<<1) / * not only incoming is compressed but also outgoing * / */ -#define COMP_F_SWAP (1<<2) /* initial command byte is swapped with last byte in buffer to preserve payload alignment */ -#define COMP_F_ADVERTISE_STUBS_ONLY (1<<3) /* tell server that we only support compression stubs */ -#define COMP_F_ALLOW_STUB_ONLY (1<<4) /* Only accept stub compression, even with COMP_F_ADVERTISE_STUBS_ONLY - * we still accept other compressions to be pushed */ -#define COMP_F_MIGRATE (1<<5) /* push stub-v2 or comp-lzo no when we see a client with comp-lzo in occ */ -#define COMP_F_ALLOW_ASYM (1<<6) /* Compression was explicitly set to allow asymetric compression */ -#define COMP_F_ALLOW_NOCOMP_ONLY (1<<7) /* Do not allow compression framing (breaks DCO) */ +/** initial command byte is swapped with last byte in buffer to preserve payload alignment */ +#define COMP_F_SWAP (1<<2) +/** tell server that we only support compression stubs */ +#define COMP_F_ADVERTISE_STUBS_ONLY (1<<3) +/** Only accept stub compression, even with COMP_F_ADVERTISE_STUBS_ONLY + * we still accept other compressions to be pushed */ +#define COMP_F_ALLOW_STUB_ONLY (1<<4) +/** push stub-v2 or comp-lzo no when we see a client with comp-lzo in occ */ +#define COMP_F_MIGRATE (1<<5) +/** Compression was explicitly set to allow asymetric compression */ +#define COMP_F_ALLOW_ASYM (1<<6) +/** Do not allow compression framing (breaks DCO) */ +#define COMP_F_ALLOW_NOCOMP_ONLY (1<<7) /* algorithms */ #define COMP_ALG_UNDEF 0 -#define COMP_ALG_STUB 1 /* support compression command byte and framing without actual compression */ -#define COMP_ALG_LZO 2 /* LZO algorithm */ -#define COMP_ALG_SNAPPY 3 /* Snappy algorithm (no longer supported) */ -#define COMP_ALG_LZ4 4 /* LZ4 algorithm */ +/** support compression command byte and framing without actual compression */ +#define COMP_ALG_STUB 1 +#define COMP_ALG_LZO 2 
/**< LZO algorithm */ +#define COMP_ALG_SNAPPY 3 /**< Snappy algorithm (no longer supported) */ +#define COMP_ALG_LZ4 4 /**< LZ4 algorithm */ /* algorithm v2 */ @@ -106,7 +113,8 @@ #define LZO_COMPRESS_BYTE 0x66 #define LZ4_COMPRESS_BYTE 0x69 #define NO_COMPRESS_BYTE 0xFA -#define NO_COMPRESS_BYTE_SWAP 0xFB /* to maintain payload alignment, replace this byte with last byte of packet */ +/** to maintain payload alignment, replace this byte with last byte of packet */ +#define NO_COMPRESS_BYTE_SWAP 0xFB /* V2 on wire code */ #define COMP_ALGV2_INDICATOR_BYTE 0x50 diff --git a/src/openvpn/errlevel.h b/src/openvpn/errlevel.h index bf2e54e..1f54ed8 100644 --- a/src/openvpn/errlevel.h +++ b/src/openvpn/errlevel.h @@ -143,7 +143,7 @@ #define D_PACKET_TRUNC_DEBUG LOGLEV(7, 70, M_DEBUG) /* PACKET_TRUNCATION_CHECK verbose */ #define D_PING LOGLEV(7, 70, M_DEBUG) /* PING send/receive messages */ #define D_PS_PROXY_DEBUG LOGLEV(7, 70, M_DEBUG) /* port share proxy debug */ -#define D_TLS_KEYSELECT LOGLEV(7, 70, M_DEBUG) /* show information on key selection for data channel */ +#define D_TLS_KEYSELECT LOGLEV(7, 70, M_DEBUG) /* show key selection for data channel */ #define D_ARGV_PARSE_CMD LOGLEV(7, 70, M_DEBUG) /* show parse_line() errors in argv_parse_cmd */ #define D_CRYPTO_DEBUG LOGLEV(7, 70, M_DEBUG) /* show detailed info from crypto.c routines */ #define D_PID_DEBUG LOGLEV(7, 70, M_DEBUG) /* show packet-id debugging info */ @@ -153,7 +153,7 @@ #define D_VLAN_DEBUG LOGLEV(7, 74, M_DEBUG) /* show VLAN tagging/untagging debug info */ -#define D_HANDSHAKE_VERBOSE LOGLEV(8, 70, M_DEBUG) /* show detailed description of each handshake */ +#define D_HANDSHAKE_VERBOSE LOGLEV(8, 70, M_DEBUG) /* show detailed description of handshake */ #define D_TLS_DEBUG_MED LOGLEV(8, 70, M_DEBUG) /* limited info from tls_session routines */ #define D_INTERVAL LOGLEV(8, 70, M_DEBUG) /* show interval.h debugging info */ #define D_SCHEDULER LOGLEV(8, 70, M_DEBUG) /* show scheduler debugging info */ 
@@ -168,7 +168,7 @@ #define D_PACKET_CONTENT LOGLEV(9, 70, M_DEBUG) /* show before/after encryption packet content */ #define D_TLS_NO_SEND_KEY LOGLEV(9, 70, M_DEBUG) /* show when no data channel send-key exists */ #define D_PID_PERSIST_DEBUG LOGLEV(9, 70, M_DEBUG) /* show packet-id persist debugging info */ -#define D_LINK_RW_VERBOSE LOGLEV(9, 70, M_DEBUG) /* show link reads/writes with greater verbosity */ +#define D_LINK_RW_VERBOSE LOGLEV(9, 70, M_DEBUG) /* increase link reads/writes verbosity */ #define D_STREAM_DEBUG LOGLEV(9, 70, M_DEBUG) /* show TCP stream debug info */ #define D_WIN32_IO LOGLEV(9, 70, M_DEBUG) /* win32 I/O debugging info */ #define D_PKCS11_DEBUG LOGLEV(9, 70, M_DEBUG) /* show PKCS#11 debugging */ diff --git a/src/openvpn/fragment.h b/src/openvpn/fragment.h index 3cd0ee7..88f6053 100644 --- a/src/openvpn/fragment.h +++ b/src/openvpn/fragment.h 
@@ -92,25 +92,28 @@ * List of fragment structures for reassembling multiple incoming packets * concurrently. */ -struct fragment_list { - int seq_id; /**< Highest fragmentation sequence ID of - * the packets currently being - * reassembled. */ - int index; /**< Index of the packet being reassembled - * with the highest fragmentation - * sequence ID into the \c - * fragment_list.fragments array. */ +struct fragment_list +{ + /** Highest fragmentation sequence ID of + * the packets currently being + * reassembled. */ + int seq_id; + /** Index of the packet being reassembled + * with the highest fragmentation + * sequence ID into the \c + * fragment_list.fragments array. */ + int index; -/** Array of reassembly structures, each can contain one whole packet. - * - * The fragmentation sequence IDs of the packets being reassembled in - * this array are linearly increasing. \c - * fragment_list.fragments[fragment_list.index] has an ID of \c - * fragment_list.seq_id. This means that one of these \c fragment_list - * structures can at any one time contain at most packets with the - * fragmentation sequence IDs in the range \c fragment_list.seq_id \c - - * \c N_FRAG_BUF \c + \c 1 to \c fragment_list.seq_id, inclusive. - */ + /** Array of reassembly structures, each can contain one whole packet. + * + * The fragmentation sequence IDs of the packets being reassembled in + * this array are linearly increasing. \c + * fragment_list.fragments[fragment_list.index] has an ID of \c + * fragment_list.seq_id. This means that one of these \c fragment_list + * structures can at any one time contain at most packets with the + * fragmentation sequence IDs in the range \c fragment_list.seq_id \c - + * \c N_FRAG_BUF \c + \c 1 to \c fragment_list.seq_id, inclusive. + */ struct fragment fragments[N_FRAG_BUF]; }; 
@@ -149,9 +152,7 @@ * the remote OpenVPN peer can determine * which parts belong to which original * packet. */ -#define MAX_FRAG_PKT_SIZE 65536 - /**< (Not used) Maximum packet size before - * fragmenting. */ +#define MAX_FRAG_PKT_SIZE 65536 /**< (Not used) Maximum packet size before fragmenting. */ int outgoing_frag_size; /**< Size in bytes of each part to be * sent, except for the last part which * may be smaller. 
@@ -183,45 +184,37 @@ /**************************************************************************/ /** @name Fragment header * @todo Add description of %fragment header format. - *//** @{ *//*************************************/ + */ +/** @{ */ /*************************************/ typedef uint32_t fragment_header_type; -/**< Fragmentation information is stored in - * a 32-bit packet header. */ +/**< Fragmentation information is stored in a 32-bit packet header. */ #define hton_fragment_header_type(x) htonl(x) -/**< Convert a fragment_header_type from - * host to network order. */ +/**< Convert a fragment_header_type from host to network order. */ #define ntoh_fragment_header_type(x) ntohl(x) -/**< Convert a \c fragment_header_type - * from network to host order. */ +/**< Convert a \c fragment_header_type from network to host order. */ -#define FRAG_TYPE_MASK 0x00000003 -/**< Bit mask for %fragment type info. */ -#define FRAG_TYPE_SHIFT 0 /**< Bit shift for %fragment type info. */ +#define FRAG_TYPE_MASK 0x00000003 /**< Bit mask for %fragment type info. */ +#define FRAG_TYPE_SHIFT 0 /**< Bit shift for %fragment type info. */ -#define FRAG_WHOLE 0 /**< Fragment type indicating packet is - * whole. */ -#define FRAG_YES_NOTLAST 1 /**< Fragment type indicating packet is - * part of a fragmented packet, but not - * the last part in the sequence. */ -#define FRAG_YES_LAST 2 /**< Fragment type indicating packet is - * the last part in the sequence of - * parts. */ -#define FRAG_TEST 3 /**< Fragment type not implemented yet. - * In the future might be used as a - * control packet for establishing MTU - * size. */ +#define FRAG_WHOLE 0 /**< Fragment type indicating packet is whole. */ +#define FRAG_YES_NOTLAST 1 +/**< Fragment type indicating packet is part of a fragmented packet, but not + * the last part in the sequence. */ +#define FRAG_YES_LAST 2 +/**< Fragment type indicating packet is the last part in the sequence of parts. 
*/ +#define FRAG_TEST 3 +/**< Fragment type not implemented yet. + * In the future might be used as a control packet for establishing MTU size. */ -#define FRAG_SEQ_ID_MASK 0x000000ff -/**< Bit mask for %fragment sequence ID. */ -#define FRAG_SEQ_ID_SHIFT 2 /**< Bit shift for %fragment sequence ID. */ +#define FRAG_SEQ_ID_MASK 0x000000ff /**< Bit mask for %fragment sequence ID. */ +#define FRAG_SEQ_ID_SHIFT 2 /**< Bit shift for %fragment sequence ID. */ -#define FRAG_ID_MASK 0x0000001f -/**< Bit mask for %fragment ID. */ -#define FRAG_ID_SHIFT 10 -/**< Bit shift for %fragment ID. */ +#define FRAG_ID_MASK 0x0000001f /**< Bit mask for %fragment ID. */ +#define FRAG_ID_SHIFT 10 /**< Bit shift for %fragment ID. */ + /* * FRAG_SIZE 14 bits @@ -232,12 +225,10 @@ * max_frag_size is only sent over the wire if FRAG_LAST is set. Otherwise it is assumed * to be the actual %fragment size received. */ -#define FRAG_SIZE_MASK 0x00003fff -/**< Bit mask for %fragment size. */ -#define FRAG_SIZE_SHIFT 15 -/**< Bit shift for %fragment size. */ -#define FRAG_SIZE_ROUND_SHIFT 2 /**< Bit shift for %fragment size rounding. */ -#define FRAG_SIZE_ROUND_MASK ((1 << FRAG_SIZE_ROUND_SHIFT) - 1) +#define FRAG_SIZE_MASK 0x00003fff /**< Bit mask for %fragment size. */ +#define FRAG_SIZE_SHIFT 15 /**< Bit shift for %fragment size. */ +#define FRAG_SIZE_ROUND_SHIFT 2 /**< Bit shift for %fragment size rounding. */ +#define FRAG_SIZE_ROUND_MASK ((1 << FRAG_SIZE_ROUND_SHIFT) - 1) /**< Bit mask for %fragment size rounding. */ /* @@ -245,10 +236,8 @@ * * IF FRAG_WHOLE or FRAG_YES_NOTLAST, these 16 bits are available (not currently used) */ -#define FRAG_EXTRA_MASK 0x0000ffff -/**< Bit mask for extra bits. */ -#define FRAG_EXTRA_SHIFT 15 -/**< Bit shift for extra bits. */ +#define FRAG_EXTRA_MASK 0x0000ffff /**< Bit mask for extra bits. */ +#define FRAG_EXTRA_SHIFT 15 /**< Bit shift for extra bits. */ /** @} name Fragment header *//********************************************/ 
diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 9eb8290..187c0a9 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -983,7 +983,8 @@ { if (!options->dev && options->dev_node) { - char *dev_node = string_alloc(options->dev_node, NULL); /* POSIX basename() implementations may modify its arguments */ + /* POSIX basename() implementations may modify its arguments */ + char *dev_node = string_alloc(options->dev_node, NULL); options->dev = basename(dev_node); } } @@ -2572,12 +2573,14 @@ } else { - initialization_sequence_completed(c, error_flags); /* client/p2p --route-delay undefined */ + /* client/p2p --route-delay undefined */ + initialization_sequence_completed(c, error_flags); } } else if (c->options.mode == MODE_POINT_TO_POINT) { - initialization_sequence_completed(c, error_flags); /* client/p2p restart with --persist-tun */ + /* client/p2p restart with --persist-tun */ + initialization_sequence_completed(c, error_flags); } tls_print_deferred_options_results(c); diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c index 0e73942..567b6ea 100644 --- a/src/openvpn/manage.c +++ b/src/openvpn/manage.c @@ -3447,7 +3447,8 @@ const bool standalone_disabled_save = man->persist.standalone_disabled; time_t expire = 0; - man->persist.standalone_disabled = false; /* This is so M_CLIENT messages will be correctly passed through msg() */ + /* This is so M_CLIENT messages will be correctly passed through msg() */ + man->persist.standalone_disabled = false; /* set expire time */ update_time(); @@ -3510,7 +3511,8 @@ unsigned int up_query_mode = 0; const char *sc = NULL; ret = true; - man->persist.standalone_disabled = false; /* This is so M_CLIENT messages will be correctly passed through msg() */ + /* This is so M_CLIENT messages will be correctly passed through msg() */ + man->persist.standalone_disabled = false; man->persist.special_state_msg = NULL; CLEAR(man->connection.up_query); 
@@ -3634,7 +3636,8 @@ if (man_standalone_ok(man)) { - man->persist.standalone_disabled = false; /* This is so M_CLIENT messages will be correctly passed through msg() */ + /* This is so M_CLIENT messages will be correctly passed through msg() */ + man->persist.standalone_disabled = false; man->persist.special_state_msg = NULL; *state = EKS_SOLICIT; diff --git a/src/openvpn/misc.h b/src/openvpn/misc.h index 3c46c02..5f55a060 100644 --- a/src/openvpn/misc.h +++ b/src/openvpn/misc.h @@ -114,12 +114,14 @@ #define GET_USER_PASS_NEED_STR (1<<5) #define GET_USER_PASS_PREVIOUS_CREDS_FAILED (1<<6) -#define GET_USER_PASS_DYNAMIC_CHALLENGE (1<<7) /* CRV1 protocol -- dynamic challenge */ -#define GET_USER_PASS_STATIC_CHALLENGE (1<<8) /* SCRV1 protocol -- static challenge */ -#define GET_USER_PASS_STATIC_CHALLENGE_ECHO (1<<9) /* SCRV1 protocol -- echo response */ +#define GET_USER_PASS_DYNAMIC_CHALLENGE (1<<7) /**< CRV1 protocol -- dynamic challenge */ +#define GET_USER_PASS_STATIC_CHALLENGE (1<<8) /**< SCRV1 protocol -- static challenge */ +#define GET_USER_PASS_STATIC_CHALLENGE_ECHO (1<<9) /**< SCRV1 protocol -- echo response */ -#define GET_USER_PASS_INLINE_CREDS (1<<10) /* indicates that auth_file is actually inline creds */ -#define GET_USER_PASS_STATIC_CHALLENGE_CONCAT (1<<11) /* indicates password and response should be concatenated */ +/** indicates that auth_file is actually inline creds */ +#define GET_USER_PASS_INLINE_CREDS (1<<10) +/** indicates password and response should be concatenated */ +#define GET_USER_PASS_STATIC_CHALLENGE_CONCAT (1<<11) /** * Retrieves the user credentials from various sources depending on the flags. diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 96119c4..8c41dec 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c 
@@ -853,7 +853,8 @@ o->tuntap_options.ip_win32_type = IPW32_SET_DHCP_MASQ; #endif o->tuntap_options.dhcp_lease_time = 31536000; /* one year */ - o->tuntap_options.dhcp_masq_offset = 0; /* use network address as internal DHCP server address */ + /* use network address as internal DHCP server address */ + o->tuntap_options.dhcp_masq_offset = 0; o->route_method = ROUTE_METHOD_ADAPTIVE; o->block_outside_dns = false; o->windows_driver = WINDOWS_DRIVER_UNSPECIFIED; diff --git a/src/openvpn/ssl_common.h b/src/openvpn/ssl_common.h index 90e16f9..d2c6393 100644 --- a/src/openvpn/ssl_common.h +++ b/src/openvpn/ssl_common.h @@ -75,10 +75,10 @@ * * @{ */ -#define S_ERROR (-2) /**< Error state. */ -#define S_ERROR_PRE (-1) /**< Error state but try to send out alerts - * before killing the keystore and moving - * it to S_ERROR */ +#define S_ERROR (-2) /**< Error state. */ +#define S_ERROR_PRE (-1) /**< Error state but try to send out alerts + * before killing the keystore and moving + * it to S_ERROR */ #define S_UNDEF 0 /**< Undefined state, used after a \c * key_state is cleaned up. */ #define S_INITIAL 1 /**< Initial \c key_state state after 
@@ -567,18 +567,22 @@ * tls_session reaches S_ACTIVE, this state machine moves to CAS_PENDING (server) * or CAS_CONNECT_DONE (client/p2p) as clients skip the stages associated with * connect scripts/plugins */ -enum multi_status { +enum multi_status +{ CAS_NOT_CONNECTED, - CAS_WAITING_AUTH, /**< Initial TLS connection established but deferred auth is not yet finished */ - CAS_PENDING, /**< Options import (Connect script/plugin, ccd,...) */ - CAS_PENDING_DEFERRED, /**< Waiting on an async option import handler */ - CAS_PENDING_DEFERRED_PARTIAL, /**< at least handler succeeded but another is still pending */ - CAS_FAILED, /**< Option import failed or explicitly denied the client */ - CAS_WAITING_OPTIONS_IMPORT, /**< client with pull or p2p waiting for first time options import */ - CAS_RECONNECT_PENDING, /**< session has already successful established (CAS_CONNECT_DONE) - * but has a reconnect and needs to redo some initialisation, this state is - * similar CAS_WAITING_OPTIONS_IMPORT but skips a few things. The normal connection - * skips this step. */ + CAS_WAITING_AUTH, /**< Initial TLS connection established but deferred auth is not yet finished + */ + CAS_PENDING, /**< Options import (Connect script/plugin, ccd,...) */ + CAS_PENDING_DEFERRED, /**< Waiting on an async option import handler */ + CAS_PENDING_DEFERRED_PARTIAL, /**< at least handler succeeded but another is still pending */ + CAS_FAILED, /**< Option import failed or explicitly denied the client */ + CAS_WAITING_OPTIONS_IMPORT, /**< client with pull or p2p waiting for first time options import + */ + /** session has already successful established (CAS_CONNECT_DONE) but has a + * reconnect and needs to redo some initialisation, this state is similar + * CAS_WAITING_OPTIONS_IMPORT but skips a few things. The normal connection + * skips this step. */ + CAS_RECONNECT_PENDING, CAS_CONNECT_DONE, }; 
@@ -626,8 +630,9 @@ int n_hard_errors; /* errors due to TLS negotiation failure */ int n_soft_errors; /* errors due to unrecognized or failed-to-authenticate incoming packets */ - /* - * Our locked common name, username, and cert hashes (cannot change during the life of this tls_multi object) + /** + * Our locked common name, username, and cert hashes + * (cannot change during the life of this tls_multi object) */ char *locked_cn; 
@@ -642,43 +647,46 @@ struct cert_hash_set *locked_cert_hash_set; - /** Time of last when we updated the cached state of + /** + * Time of last when we updated the cached state of * tls_authentication_status deferred files */ time_t tas_cache_last_update; /** The number of times we updated the cache */ unsigned int tas_cache_num_updates; - /* - * An error message to send to client on AUTH_FAILED - */ + /** An error message to send to client on AUTH_FAILED */ char *client_reason; - /* + /** * A multi-line string of general-purpose info received from peer * over control channel. */ char *peer_info; - char *auth_token; /**< If server sends a generated auth-token, - * this is the token to use for future - * user/pass authentications in this session. - */ - char *auth_token_initial; - /**< The first auth-token we sent to a client. We use this to remember + /** + * If server sends a generated auth-token, + * this is the token to use for future + * user/pass authentications in this session. + */ + char *auth_token; + /** + * The first auth-token we sent to a client. We use this to remember * the session ID and initial timestamp when generating new auth-token. */ -#define AUTH_TOKEN_HMAC_OK (1<<0) - /**< Auth-token sent from client has valid hmac */ -#define AUTH_TOKEN_EXPIRED (1<<1) - /**< Auth-token sent from client has expired */ -#define AUTH_TOKEN_VALID_EMPTYUSER (1<<2) - /**< - * Auth-token is only valid for an empty username - * and not the username actually supplied from the client - * - * OpenVPN 3 clients sometimes wipes or replaces the username with a - * username hint from their config. 
- */ + char *auth_token_initial; + +/** Auth-token sent from client has valid hmac */ +#define AUTH_TOKEN_HMAC_OK (1 << 0) +/** Auth-token sent from client has expired */ +#define AUTH_TOKEN_EXPIRED (1 << 1) +/** + * Auth-token is only valid for an empty username + * and not the username actually supplied from the client + * + * OpenVPN 3 clients sometimes wipes or replaces the username with a + * username hint from their config. + */ +#define AUTH_TOKEN_VALID_EMPTYUSER (1 << 2) /* For P_DATA_V2 */ uint32_t peer_id; @@ -690,10 +698,10 @@ /* * Our session objects. */ + /** Array of \c tls_session objects + * representing control channel + * sessions with the remote peer. */ struct tls_session session[TM_SIZE]; - /**< Array of \c tls_session objects - * representing control channel - * sessions with the remote peer. */ /* Only used when DCO is used to remember how many keys we installed * for this session */
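
Review bot: In src/openvpn/comp.h (hunk at -36,20) the COMP_F_* and COMP_ALG_* comments change from "/* ... */" to "/** ... */" and "/**<", which turns them into Doxygen documentation, something the commit message ("Manually reformat some long trailing comments") does not mention; please say so in the message or keep the plain "/*" markers. The same hunk mixes two forms, leading "/** */" for COMP_F_SWAP through COMP_ALG_STUB and trailing "/**<" for COMP_ALG_LZO, COMP_ALG_SNAPPY and COMP_ALG_LZ4. Since the COMP_F_ALLOW_ASYM comment is being moved anyway, "asymetric" could be corrected to "asymmetric" at the same time.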
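
Review bot: In src/openvpn/errlevel.h the comments are reworded rather than reformatted, and for D_LINK_RW_VERBOSE the new text "increase link reads/writes verbosity" reads as an action where the old one said what the level shows. Something like "show verbose link reads/writes" is short enough and keeps the "show ..." wording of the neighbouring entries such as D_STREAM_DEBUG and D_PKCS11_DEBUG. A line in the commit message noting that these three comments were shortened would also help anyone reading the history later.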
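
Review bot: In struct fragment_list (src/openvpn/fragment.h, hunk at -92,25) the comments for seq_id and index keep the narrow wrapping they had as trailing comments ("the packets currently being" / "reassembled.") although they now start at member indentation; re-flowing them to the full line width would shorten each by a line or two. The hunk also moves the opening brace of the struct onto its own line, which is a separate style change from the comment reformat named in the subject and would be easier to review on its own.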
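
Review bot: In the fragment header hunk of src/openvpn/fragment.h (-183,45) FRAG_YES_NOTLAST, FRAG_YES_LAST and FRAG_TEST now carry their "/**<" comment on the line after the #define, while the other files in this patch put long comments in front of the definition as "/** ... */"; using the leading form here too would keep one convention and would not depend on "/**<" binding to the previous line. The hunk also appears to add a blank line after FRAG_ID_SHIFT; if that leaves two consecutive blank lines before the FRAG_SIZE comment, drop it.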
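
Review bot: In enum multi_status (src/openvpn/ssl_common.h, hunk at -567,18) the comments for CAS_WAITING_AUTH and CAS_WAITING_OPTIONS_IMPORT now end with the closing "*/" alone on the following line, which is the kind of formatter result this patch sets out to avoid. Move those two comments in front of the enumerator as "/** ... */", the way the same hunk already does for CAS_RECONNECT_PENDING.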
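
Review bot: In the hunk at -626,8 of src/openvpn/ssl_common.h the comment "Our locked common name, username, and cert hashes" becomes a "/**" block, so Doxygen will attach it to locked_cn only although it describes several members. Either keep it as a plain "/* ... */" comment or wrap the members it covers in a member group with "@{" and "@}", as the state definitions earlier in this header already do.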
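
Review bot: In the hunk at -642,43 of src/openvpn/ssl_common.h the AUTH_TOKEN_* definitions change from "(1<<0)" to "(1 << 0)", a whitespace change unrelated to the comments and inconsistent with comp.h and misc.h in this same patch, which keep the "(1<<N)" spelling. Leave the shift spacing as it was here, or change it everywhere in a separate commit. The client_reason and peer_info comments also switch from "/*" to "/**" in this hunk, which adds them to the generated documentation and deserves a mention in the commit message.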