From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 10 Feb 2023 15:27:06 +0100
Message-Id: <20230210142712.572303-3-arne@rfc2549.org>
In-Reply-To: <20230210142712.572303-1-arne@rfc2549.org>
References: <20230210142712.572303-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH 1/4] Combine extra_tun/frame parameter of frame_calculate_payload_overhead

Instead of passing a value and a bool just pass the value and 0 if the caller does not want the value to be added. This also allows the function to be used by a function without a frame struct.

Signed-off-by: Arne Schwabe
Acked-By: Frank Lichtenheld
--- src/openvpn/mss.c | 2 +- src/openvpn/mtu.c | 14 +++++--------- src/openvpn/mtu.h | 6 +++--- src/openvpn/occ.c | 3 +-- 4 files changed, 10 insertions(+), 15 deletions(-)
diff --git a/src/openvpn/mss.c b/src/openvpn/mss.c index 429aa1e93..98d540688 100644 --- a/src/openvpn/mss.c +++ b/src/openvpn/mss.c
@@ -303,7 +303,7 @@ frame_calculate_mssfix(struct frame *frame, struct key_type *kt, /* Calculate the number of bytes that the payload differs from the payload * MTU. This are fragment/compression/ethernet headers */ - payload_overhead = frame_calculate_payload_overhead(frame, options, kt, true); + payload_overhead = frame_calculate_payload_overhead(frame->extra_tun, options, kt); /* We are in a "liberal" position with respect to MSS, * i.e. we assume that MSS can be calculated from MTU diff --git a/src/openvpn/mtu.c b/src/openvpn/mtu.c index 1d9ebe011..56ea67061 100644 --- a/src/openvpn/mtu.c +++ b/src/openvpn/mtu.c @@ -108,20 +108,16 @@ frame_calculate_protocol_header_size(const struct key_type *kt, size_t -frame_calculate_payload_overhead(const struct frame *frame, +frame_calculate_payload_overhead(size_t extra_tun, const struct options *options, - const struct key_type *kt, - bool extra_tun) + const struct key_type *kt) { size_t overhead = 0; /* This is the overhead of tap device that is not included in the MTU itself * i.e. Ethernet header that we still need to transmit as part of the - * payload */ - if (extra_tun) - { - overhead += frame->extra_tun; - } + * payload, this is set to 0 by caller if not applicable */ + overhead += extra_tun; #if defined(USE_COMP) /* v1 Compression schemes add 1 byte header. V2 only adds a header when it @@ -158,7 +154,7 @@ frame_calculate_payload_size(const struct frame *frame, const struct key_type *kt) { size_t payload_size = options->ce.tun_mtu; - payload_size += frame_calculate_payload_overhead(frame, options, kt, true); + payload_size += frame_calculate_payload_overhead(frame->extra_tun, options, kt); return payload_size; } diff --git a/src/openvpn/mtu.h b/src/openvpn/mtu.h index 0ff4f7bfa..21dbcee7f 100644 --- a/src/openvpn/mtu.h +++ b/src/openvpn/mtu.h 
@@ -217,10 +217,10 @@ frame_calculate_payload_size(const struct frame *frame, * * [IP][UDP][OPENVPN PROTOCOL HEADER][ **PAYLOAD incl compression header** ] */ size_t -frame_calculate_payload_overhead(const struct frame *frame, +frame_calculate_payload_overhead(size_t extra_tun, const struct options *options, - const struct key_type *kt, - bool extra_tun); + const struct key_type *kt); + /** * Calculates the size of the OpenVPN protocol header. This includes diff --git a/src/openvpn/occ.c b/src/openvpn/occ.c index 0fa803cdb..94b82e0f5 100644 --- a/src/openvpn/occ.c +++ b/src/openvpn/occ.c 
@@ -305,8 +305,7 @@ check_send_occ_msg_dowork(struct context *c) const struct key_type *kt = &c->c1.ks.key_type; /* OCC message have comp/fragment headers but not ethernet headers */ - payload_hdr = frame_calculate_payload_overhead(&c->c2.frame, &c->options, - kt, false); + payload_hdr = frame_calculate_payload_overhead(0, &c->options, kt); /* Since we do not know the payload size we just pass 0 as size here */ proto_hdr = frame_calculate_protocol_header_size(kt, &c->options, false);
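
Review bot: the rewritten comment inside frame_calculate_payload_overhead() in src/openvpn/mtu.c joins two sentences with a comma ("... as part of the payload, this is set to 0 by caller if not applicable"). Split it into two sentences. Since the unchanged line above still reads "size_t overhead = 0;" and the next statement is now the unconditional "overhead += extra_tun;", initialising the variable as "size_t overhead = extra_tun;" would say the same thing in one line.
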
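
Review bot: the src/openvpn/mtu.h hunk changes the prototype, but none of its added lines touch the doc comment above it, so the header does not tell a caller that extra_tun is now a byte count and that 0 means "do not add the tap overhead". The occ.c call site, which passes a literal 0, depends on exactly that convention. Add a description of the parameter to the comment. The lone "+" line after the new prototype also adds an empty line before the next "/**" block; drop it if it is not intentional.
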

From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 10 Feb 2023 15:27:09 +0100
Message-Id: <20230210142712.572303-6-arne@rfc2549.org>
In-Reply-To: <20230210142712.572303-1-arne@rfc2549.org>
References: <20230210142712.572303-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH 2/4] Update the last sections in the man page to a be a bit less outdated

Signed-off-by: Arne Schwabe Acked-By: Frank Lichtenheld --- doc/openvpn.8.rst | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/doc/openvpn.8.rst b/doc/openvpn.8.rst index 995467478..415f210ce 100644 --- a/doc/openvpn.8.rst +++ b/doc/openvpn.8.rst @@ -97,6 +97,8 @@ https://community.openvpn.net/openvpn/wiki/FAQ HOWTO ===== +The manual ``openvpn-examples``\(5) give some examples, especially for +small setups. For a more comprehensive guide to setting up OpenVPN in a production setting, see the OpenVPN HOWTO at 
@@ -107,18 +109,17 @@ https://openvpn.net/community-resources/how-to/ PROTOCOL ======== -For a description of OpenVPN's underlying protocol, see -https://openvpn.net/community-resources/openvpn-protocol/ - +An ongoing effort to document the OpenVPN protocol can be found under +https://github.com/openvpn/openvpn-rfc WEB === -OpenVPN's web site is at https://openvpn.net/ +OpenVPN's web site is at https://community.openvpn.net/ Go here to download the latest version of OpenVPN, subscribe to the -mailing lists, read the mailing list archives, or browse the SVN +mailing lists, read the mailing list archives, or browse the Git repository.
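
Review bot: subject-verb agreement in the sentence added to the HOWTO section of doc/openvpn.8.rst (hunk at -97,6): "The manual ``openvpn-examples``\(5) give some examples" should read "gives some examples".
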
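
Review bot: in the WEB section (hunk at -107,18) the URL changes to https://community.openvpn.net/ while the unchanged next sentence still begins "Go here to download the latest version of OpenVPN"; confirm that downloads, list subscription and the archives are all reachable from the community site so the sentence stays accurate. In the PROTOCOL section the hunk also removes the empty line that followed the old URL, so check that a blank line still separates the new paragraph from the WEB heading, which reStructuredText needs before a section title.
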

From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 10 Feb 2023 15:27:10 +0100
Message-Id: <20230210142712.572303-7-arne@rfc2549.org>
In-Reply-To: <20230210142712.572303-1-arne@rfc2549.org>
References: <20230210142712.572303-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH 3/4] Revise the cipher negotiation about OpenVPN3 in the man page

Newer OpenVPN 3 core versions now allow limited configuration of ciphers:

    // Allow usage of legacy (cipher) algorithm that are no longer considered safe
    // This includes BF-CBC, single DES and RC2 private key encryption.
    // With OpenSSL 3.0 this also instructs OpenSSL to load the legacy provider.
    bool enableLegacyAlgorithms = false;

    // By default modern OpenVPN version (OpenVPN 2.6 and OpenVPN core 3.7) will only allow
    // preferred algorithms (AES-GCM, Chacha20-Poly1305) that also work with the newer DCO
    // implementations. If this is enabled, we fall back to allowing all algorithms (if these are
    // supported by the crypto library)
    bool enableNonPreferredDCAlgorithms = false;

Adjust the man page section accordingly but only really mention the AEAD ciphers to be always present and that they should be included in the data-ciphers option.

Signed-off-by: Arne Schwabe
Acked-by: Gert Doering
--- doc/man-sections/cipher-negotiation.rst | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/doc/man-sections/cipher-negotiation.rst b/doc/man-sections/cipher-negotiation.rst index b07176cd2..66afeb835 100644 --- a/doc/man-sections/cipher-negotiation.rst +++ b/doc/man-sections/cipher-negotiation.rst
@@ -42,8 +42,9 @@ options to avoid this behaviour. OpenVPN 3 clients ----------------- Clients based on the OpenVPN 3.x library (https://github.com/openvpn/openvpn3/) -do not have a configurable ``--ncp-ciphers`` or ``--data-ciphers`` option. Instead -these clients will announce support for all their supported AEAD ciphers +do not have a configurable ``--ncp-ciphers`` or ``--data-ciphers`` option. Newer +version by default will disable legacy AES-CBC, BF-CBC, and, DES-CBC ciphers. +These clients will always announce support for all their supported AEAD ciphers (`AES-256-GCM`, `AES-128-GCM` and in newer versions also `Chacha20-Poly1305`). To support OpenVPN 3.x based clients at least one of these ciphers needs to be
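
Review bot: the sentence added in doc/man-sections/cipher-negotiation.rst calls AES-CBC a legacy cipher, but the OpenVPN 3 comments quoted in the commit message place only BF-CBC, single DES and RC2 private key encryption under enableLegacyAlgorithms, and treat everything outside AES-GCM and Chacha20-Poly1305 as non-preferred (enableNonPreferredDCAlgorithms). Reword so that AES-CBC is described as non-preferred rather than legacy, since the two groups are controlled by different switches. In the same sentence, "Newer version" should be plural and the comma in "and, DES-CBC" is stray. The unchanged sentence before it still says these clients have no configurable cipher option, while the commit message says limited configuration is now possible; consider reconciling the two.
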
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 10 Feb 2023 15:27:11 +0100
Message-Id: <20230210142712.572303-8-arne@rfc2549.org>
In-Reply-To: <20230210142712.572303-1-arne@rfc2549.org>
References: <20230210142712.572303-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH 4/4] Reduce initialisation spam from verb <= 3 and print summary instead

The messages about cipher initialisation are currently very noisy, especially if tls-auth/tls-crypt is in use. Typically messages like this are displayed for AES-256-CBC with SHA256:

   Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
   Outgoing Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
   Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
   Incoming Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication

in addition to the tls-crypt/tls-auth messages that has the amount of messages. These messages are not that helpful. The only meaningful information is better suited in compat messages.

This commit moves the spammy messages to verb 4 and consistently prints out the cipher/auth used in the data channel instead on verb 2:

   Data Channel: cipher 'AES-256-CBC' auth 'SHA256'

This patch also summarises other aspects of the imported options for VPN connection and prints them (even if not coming from pulled options):

   Data Channel: cipher 'AES-256-GCM'
   Timers: ping 8, ping-restart 40
   Protocol options: explicit-exit-notify 1, protocol-flags tls-ekm

And move the OPTIONS IMPORT: xx modified that are included in the new messages to D_PUSH_DEBUG (verb 7) since they do not add any useful information anymore.

Signed-off-by: Arne Schwabe
---
 src/openvpn/crypto.c   |   4 +-
 src/openvpn/errlevel.h |   1 +
 src/openvpn/init.c     | 143 +++++++++++++++++++++++++++++++++++++++--
 src/openvpn/occ.h      |  16 +++++
 src/openvpn/sig.c      |  15 -----
 src/openvpn/ssl.c      |   5 --
 src/openvpn/ssl_ncp.c  |   2 +-
 7 files changed, 159 insertions(+), 27 deletions(-)

diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index 073f47e47..5e1c495b0 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -835,7 +835,7 @@ init_key_ctx(struct key_ctx *ctx, const struct key *key, cipher_ctx_init(ctx->cipher, key->cipher, kt->cipher, enc); const char *ciphername = cipher_kt_name(kt->cipher); - msg(D_HANDSHAKE, "%s: Cipher '%s' initialized with %d bit key", + msg(D_CIPHER_INIT, "%s: Cipher '%s' initialized with %d bit key", prefix, ciphername, cipher_kt_key_size(kt->cipher) * 8); dmsg(D_SHOW_KEYS, "%s: CIPHER KEY: %s", prefix, @@ -850,7 +850,7 @@ init_key_ctx(struct key_ctx *ctx, const struct key *key, ctx->hmac = hmac_ctx_new(); hmac_ctx_init(ctx->hmac, key->hmac, kt->digest); - msg(D_HANDSHAKE, + msg(D_CIPHER_INIT, "%s: Using %d bit message hash '%s' for HMAC authentication", prefix, md_kt_size(kt->digest) * 8, md_kt_name(kt->digest)); diff --git a/src/openvpn/errlevel.h b/src/openvpn/errlevel.h index c69ea91d6..4699d1ac2 100644 --- a/src/openvpn/errlevel.h +++ b/src/openvpn/errlevel.h 
@@ -105,6 +105,7 @@ #define D_MTU_INFO LOGLEV(4, 61, 0) /* show terse MTU info */ #define D_PID_DEBUG_LOW LOGLEV(4, 63, 0) /* show low-freq packet-id debugging info */ #define D_PID_DEBUG_MEDIUM LOGLEV(4, 64, 0) /* show medium-freq packet-id debugging info */ +#define D_CIPHER_INIT LOGLEV(4, 65, 0) /* show messages about cipher init */ #define D_LOG_RW LOGLEV(5, 0, 0) /* Print 'R' or 'W' to stdout for read/write */ diff --git a/src/openvpn/init.c b/src/openvpn/init.c index b500d3543..66daa7760 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c 
@@ -2209,6 +2209,139 @@ p2p_set_dco_keepalive(struct context *c) } return true; } + +/** + * Helper function for tls_print_deferred_options_results + * Adds the ", " delimitor if there already some data in the + * buffer. + */ +static void +add_delim_if_non_empty(struct buffer *buf, const char *header) +{ + if (buf_len(buf) > strlen(header)) + { + buf_printf(buf, ", "); + } +} + + +/** + * Prints the results of options imported for the data channel + * @param o + */ +static void +tls_print_deferred_options_results(struct context *c) +{ + struct options *o = &c->options; + + struct buffer out; + uint8_t line[1024] = { 0 }; + buf_set_write(&out, line, sizeof(line)); + + + if (cipher_kt_mode_aead(o->ciphername)) + { + buf_printf(&out, "Data Channel: cipher '%s'", + cipher_kt_name(o->ciphername)); + } + else + { + buf_printf(&out, "Data Channel: cipher '%s', auth '%s'", + cipher_kt_name(o->ciphername), md_kt_name(o->authname)); + } + + if (o->use_peer_id) + { + buf_printf(&out, ", peer-id: %d", o->peer_id); + } + + if (c->c2.comp_context) + { + buf_printf(&out, ", compression: '%s'", c->c2.comp_context->alg.name); + } + + msg(D_HANDSHAKE, "%s", BSTR(&out)); + + buf_clear(&out); + + const char *header = "Timers: "; + + buf_printf(&out, "%s", header); + + if (o->ping_send_timeout) + { + buf_printf(&out, "ping %d", o->ping_send_timeout); + } + + if (o->ping_rec_timeout_action != PING_UNDEF) + { + /* yes unidirectional ping is possible .... 
*/ + add_delim_if_non_empty(&out, header); + + if (o->ping_rec_timeout_action == PING_EXIT) + { + buf_printf(&out, "ping-exit %d", o->ping_rec_timeout); + } + else + { + buf_printf(&out, "ping-restart %d", o->ping_rec_timeout); + } + } + + if (o->inactivity_timeout) + { + add_delim_if_non_empty(&out, header); + + buf_printf(&out, "inactive %d", o->inactivity_timeout); + if (o->inactivity_minimum_bytes) + { + buf_printf(&out, " %" PRIu64, o->inactivity_minimum_bytes); + } + } + + if (o->session_timeout) + { + add_delim_if_non_empty(&out, header); + buf_printf(&out, "session-timeout %d", o->session_timeout); + } + + if (buf_len(&out) > strlen(header)) + { + msg(D_HANDSHAKE, "%s", BSTR(&out)); + } + + buf_clear(&out); + header = "Protocol options: "; + buf_printf(&out, "%s", header); + + if (c->options.ce.explicit_exit_notification) + { + buf_printf(&out, "explicit-exit-notify %d", + c->options.ce.explicit_exit_notification); + } + if (c->options.imported_protocol_flags) + { + add_delim_if_non_empty(&out, header); + + buf_printf(&out, "protocol-flags"); + + if (o->imported_protocol_flags & CO_USE_CC_EXIT_NOTIFY) + { + buf_printf(&out, " cc-exit"); + } + if (o->imported_protocol_flags & CO_USE_TLS_KEY_MATERIAL_EXPORT) + { + buf_printf(&out, " tls-ekm"); + } + } + + if (buf_len(&out) > strlen(header)) + { + msg(D_HANDSHAKE, "%s", BSTR(&out)); + } +} + + /** * This function is expected to be invoked after open_tun() was performed. * @@ -2370,6 +2503,8 @@ do_up(struct context *c, bool pulled_options, unsigned int option_types_found) initialization_sequence_completed(c, error_flags); /* client/p2p restart with --persist-tun */ } + tls_print_deferred_options_results(c); + c->c2.do_up_ran = true; if (c->c2.tls_multi) { 
@@ -2470,7 +2605,7 @@ do_deferred_options(struct context *c, const unsigned int found) if (found & OPT_P_TIMER) { do_init_timers(c, true); - msg(D_PUSH, "OPTIONS IMPORT: timers and/or timeouts modified"); + msg(D_PUSH_DEBUG, "OPTIONS IMPORT: timers and/or timeouts modified"); } if (found & OPT_P_EXPLICIT_NOTIFY) @@ -2482,14 +2617,14 @@ do_deferred_options(struct context *c, const unsigned int found) } else { - msg(D_PUSH, "OPTIONS IMPORT: explicit notify parm(s) modified"); + msg(D_PUSH_DEBUG, "OPTIONS IMPORT: explicit notify parm(s) modified"); } } #ifdef USE_COMP if (found & OPT_P_COMP) { - msg(D_PUSH, "OPTIONS IMPORT: compression parms modified"); + msg(D_PUSH_DEBUG, "OPTIONS IMPORT: compression parms modified"); comp_uninit(c->c2.comp_context); c->c2.comp_context = comp_init(&c->options.comp); } @@ -2540,7 +2675,7 @@ do_deferred_options(struct context *c, const unsigned int found) if (found & OPT_P_PEER_ID) { - msg(D_PUSH, "OPTIONS IMPORT: peer-id set"); + msg(D_PUSH_DEBUG, "OPTIONS IMPORT: peer-id set"); c->c2.tls_multi->use_peer_id = true; c->c2.tls_multi->peer_id = c->options.peer_id; } diff --git a/src/openvpn/occ.h b/src/openvpn/occ.h index 4320bd119..e382482f6 100644 --- a/src/openvpn/occ.h +++ b/src/openvpn/occ.h @@ -153,4 +153,20 @@ check_send_occ_msg(struct context *c) } } +/** + * Small helper function to determine if we should send the exit notification + * via control channel. + * @return control channel exit message should be used */ +static inline bool +cc_exit_notify_enabled(struct context *c) +{ + /* Check if we have TLS active at all */ + if (!c->c2.tls_multi) + { + return false; + } + + const struct key_state *ks = get_primary_key(c->c2.tls_multi); + return (ks->crypto_options.flags & CO_USE_CC_EXIT_NOTIFY); +} #endif /* ifndef OCC_H */ diff --git a/src/openvpn/sig.c b/src/openvpn/sig.c index 0d5346010..5b89bb42b 100644 --- a/src/openvpn/sig.c +++ b/src/openvpn/sig.c 
@@ -342,21 +342,6 @@ print_status(const struct context *c, struct status_output *so) } -/* Small helper function to determine if we should send the exit notification - * via control channel */ -static inline bool -cc_exit_notify_enabled(struct context *c) -{ - /* Check if we have TLS active at all */ - if (!c->c2.tls_multi) - { - return false; - } - - const struct key_state *ks = get_primary_key(c->c2.tls_multi); - return (ks->crypto_options.flags & CO_USE_CC_EXIT_NOTIFY); -} - /* * Handle the triggering and time-wait of explicit * exit notification. diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 016bdc57f..47f3702b2 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -1730,11 +1730,6 @@ tls_session_update_crypto_params_do_work(struct tls_multi *multi, return true; } - if (strcmp(options->ciphername, session->opt->config_ciphername)) - { - msg(D_HANDSHAKE, "Data Channel: using negotiated cipher '%s'", - options->ciphername); - } init_key_type(&session->opt->key_type, options->ciphername, options->authname, true, true); diff --git a/src/openvpn/ssl_ncp.c b/src/openvpn/ssl_ncp.c index fe6f6fa7c..97619be5e 100644 --- a/src/openvpn/ssl_ncp.c +++ b/src/openvpn/ssl_ncp.c 
@@ -318,7 +318,7 @@ check_pull_client_ncp(struct context *c, const int found) { if (found & OPT_P_NCP) { - msg(D_PUSH, "OPTIONS IMPORT: data channel crypto options modified"); + msg(D_PUSH_DEBUG, "OPTIONS IMPORT: data channel crypto options modified"); return true; }
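Review bot: In src/openvpn/init.c, the doc comment on tls_print_deferred_options_results() documents "@param o" while the function takes "struct context *c"; the parameter name should be corrected and described. In the same function the protocol-flags branch only names CO_USE_CC_EXIT_NOTIFY and CO_USE_TLS_KEY_MATERIAL_EXPORT, so any other bit set in imported_protocol_flags makes the summary print a bare "protocol-flags" with nothing after it. An explicit fallback, for example printing the remaining bits in hex, would keep the log from reporting less than was imported. The body also mixes "c->options." and "o->" for the same struct; using "o->" throughout would be consistent.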
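Review bot: In the do_up() hunk of src/openvpn/init.c, the new tls_print_deferred_options_results(c) call is placed ahead of the "if (c->c2.tls_multi)" check that follows it, so it is not covered by that guard even though its name and doc comment tie it to TLS. Either confirm that o->ciphername and o->authname are always valid inputs for cipher_kt_mode_aead(), cipher_kt_name() and md_kt_name() at this point and drop the tls_ prefix, or move the call under the existing guard.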
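Review bot: The move of cc_exit_notify_enabled() from src/openvpn/sig.c to src/openvpn/occ.h is not mentioned in the commit message, and nothing in this diff calls it from a second file. Please say why it moves in the message, or split it into its own commit. In the new occ.h comment the closing "*/" sits on the "@return" line rather than on its own line as in the other comment blocks this patch adds.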
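Review bot: The src/openvpn/ssl.c hunk removes "Data Channel: using negotiated cipher '%s'" and the do_deferred_options() and check_pull_client_ncp() hunks drop the "OPTIONS IMPORT: ..." lines to D_PUSH_DEBUG, but the diffstat touches no documentation file. These are strings that log parsers and monitoring rules may match on at default verbosity, so a release-notes entry listing the removed lines, the new "Data Channel:", "Timers:" and "Protocol options:" summary lines, and the new D_CIPHER_INIT level would help operators adjust.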
From patchwork Fri Feb 10 14:27:12 2023
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 3074
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 10 Feb 2023 15:27:12 +0100
Message-Id: <20230210142712.572303-9-arne@rfc2549.org>
In-Reply-To: <20230210142712.572303-1-arne@rfc2549.org>
References: <20230210142712.572303-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH v2 5/5] Add building unit tests with mingw to github actions

This runs each test in its own action since order of stderr and stdout is seemingly random in github action Windows output and this way at least test outputs are grouped by test

Patch v2: use -static-libgcc to avoid copying gcc runtime libraries.

Signed-off-by: Arne Schwabe
---
 .github/workflows/build.yaml | 111 ++++++++++++++++++++++++++++++++++-
 1 file changed, 109 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 5888e91e5..a1026fddb 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -55,9 +55,10 @@ jobs: PKCS11_HELPER_VERSION: "1.29.0" OPENSSL_VERSION: "${{ matrix.osslver }}" TAP_WINDOWS_VERSION: "9.23.3" + CMOCKA_VERSION: "1.1.5" steps: - name: Install dependencies - run: sudo apt update && sudo apt install -y mingw-w64 libtool automake autoconf man2html unzip + run: sudo apt update && sudo apt install -y mingw-w64 libtool automake autoconf man2html unzip cmake ninja-build build-essential wget - name: Checkout OpenVPN uses: actions/checkout@v3 with: @@ -72,7 +73,7 @@ jobs: uses: actions/cache@v3 with: path: '~/mingw/' - key: ${{ matrix.target }}-mingw-${{ matrix.osslver }}-${{ env.LZO_VERSION }}-${{ env.PKCS11_HELPER_VERSION }}-${{ env.TAP_WINDOWS_VERSION }} + key: ${{ matrix.target }}-mingw-${{ matrix.osslver }}-${{ env.LZO_VERSION }}-${{ env.PKCS11_HELPER_VERSION }}-${{ env.TAP_WINDOWS_VERSION }}--${{ env.CMOCKA_VERSION }} # Repeating if: steps.cache.outputs.cache-hit != 'true' # on every step for building dependencies is ugly but 
@@ -84,12 +85,33 @@ jobs: wget -c -P download-cache/ "https://build.openvpn.net/downloads/releases/tap-windows-${TAP_WINDOWS_VERSION}.zip" wget -c -P download-cache/ "https://www.oberhumer.com/opensource/lzo/download/lzo-${LZO_VERSION}.tar.gz" wget -c -P download-cache/ "https://github.com/OpenSC/pkcs11-helper/releases/download/pkcs11-helper-${PKCS11_HELPER_VERSION}/pkcs11-helper-${PKCS11_HELPER_VERSION}.tar.bz2" + wget -c -P download-cache/ "https://github.com/coreboot/cmocka/archive/refs/tags/cmocka-${CMOCKA_VERSION}.tar.gz" tar jxf "download-cache/pkcs11-helper-${PKCS11_HELPER_VERSION}.tar.bz2" wget -c -P download-cache/ "https://www.openssl.org/source/old/1.1.1/openssl-${OPENSSL_VERSION}.tar.gz" || wget -c -P download-cache/ "https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz" tar zxf "download-cache/openssl-${OPENSSL_VERSION}.tar.gz" tar zxf "download-cache/lzo-${LZO_VERSION}.tar.gz" + tar zxf "download-cache/cmocka-${CMOCKA_VERSION}.tar.gz" unzip download-cache/tap-windows-${TAP_WINDOWS_VERSION}.zip + - name: create cmocka build directory + if: steps.cache.outputs.cache-hit != 'true' + run: mkdir cmocka-build + + - name: configure cmocka + if: steps.cache.outputs.cache-hit != 'true' + working-directory: "./cmocka-build" + run: cmake -GNinja -DCMAKE_C_COMPILER=${{ matrix.chost }}-gcc -DCMAKE_CXX_COMPILER=${{ matrix.chost }}-g++ -DCMAKE_SYSTEM_NAME=Windows -DCMAKE_SHARED_LINKER_FLAGS=-static-libgcc -DCMAKE_PREFIX_PATH=${HOME}/mingw/opt/lib/pkgconfig/ -DCMAKE_INCLUDE_PATH=${HOME}/mingw/opt/lib/include -DCMAKE_LIBRARY_PATH=${HOME}/mingw/opt/lib -DCMAKE_INSTALL_PREFIX=${HOME}/mingw/opt/ ../cmocka-cmocka-${{ env.CMOCKA_VERSION }} + + - name: build cmocka + if: steps.cache.outputs.cache-hit != 'true' + working-directory: "./cmocka-build" + run: ninja + + - name: install cmocka + if: steps.cache.outputs.cache-hit != 'true' + working-directory: "./cmocka-build" + run: ninja install + - name: Configure OpenSSL if: steps.cache.outputs.cache-hit != 'true' 
run: ./Configure --cross-compile-prefix=${{ matrix.chost }}- shared ${{ matrix.target }} no-capieng --prefix="${HOME}/mingw/opt" --openssldir="${HOME}/mingw/opt" -static-libgcc 
@@ -154,6 +176,90 @@ jobs: - name: build OpenVPN run: make -j3 working-directory: openvpn + - name: build OpenVPN unittests + run: make -j3 check + working-directory: openvpn + + # We use multiple upload-artifact here, so it becomes a flat folder + # structure since we need the dlls on the same level as the binaries + - name: Archive cmocka/openssl/lzo dlls + uses: actions/upload-artifact@v3 + with: + retention-days: 1 + name: mingw-unittest-${{matrix.target}}-ossl${{ matrix.osslver }}-dlls + path: '~/mingw/opt/bin/*.dll' + + # libtool puts some wrapper binaries in openvpn/tests/unit_tests/openvpn/ + # and the real binaries in openvpn/tests/unit_tests/openvpn/.libs/ + - name: Archive unittest artifacts + uses: actions/upload-artifact@v3 + with: + retention-days: 1 + name: mingw-unittest-${{matrix.target}}-ossl${{ matrix.osslver }}-tests + path: openvpn/tests/unit_tests/openvpn/.libs/*.exe + + # Currently not used by the unit test but might in the future and also + # helpful if manually downloading and running openvpn.exe from a mingw + # build + - name: Archive openvpn binary + uses: actions/upload-artifact@v3 + with: + retention-days: 1 + name: mingw-unittest-${{matrix.target}}-ossl${{ matrix.osslver }}-tests + path: openvpn/src/openvpn/.libs/*.exe + + mingw-unittest: + needs: [ mingw ] + strategy: + fail-fast: false + matrix: + osslver: [ 1.1.1q, 3.0.5 ] + target: [ mingw64, mingw ] + + runs-on: windows-latest + name: "mingw unittests - ${{matrix.target}} - OSSL ${{ matrix.osslver }}" + steps: + - name: Retrieve mingw unittest dlls + uses: actions/download-artifact@v3 + with: + name: mingw-unittest-${{matrix.target}}-ossl${{ matrix.osslver }}-dlls + path: unittests + + - name: Retrieve mingw unittest + uses: actions/download-artifact@v3 + with: + name: mingw-unittest-${{matrix.target}}-ossl${{ matrix.osslver }}-tests + path: unittests + + - name: List unittests directory + run: "dir unittests" + + - name: Run argvunit test + run: ./unittests/argv_testdriver.exe + 
+ - name: Run auth_tokenunit test + run: ./unittests/auth_token_testdriver.exe + + - name: Run bufferunit test + run: ./unittests/buffer_testdriver.exe + + - name: Run cryptounit test + run: ./unittests/crypto_testdriver.exe + + - name: Run miscunit test + run: ./unittests/misc_testdriver.exe + + - name: Run ncpunit test + run: ./unittests/ncp_testdriver.exe + + - name: Run packet idunit test + run: ./unittests/packet_id_testdriver.exe + + - name: Run pktunit test + run: ./unittests/pkt_testdriver.exe + + - name: Run providerunit test + run: ./unittests/provider_testdriver.exe ubuntu: strategy: @@ -450,3 +556,4 @@ jobs: run: make -j3 - name: make check run: make check +
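Review bot: In the download step of .github/workflows/build.yaml, the added wget line fetches cmocka-${CMOCKA_VERSION}.tar.gz from a GitHub archive URL and the added "tar zxf" line unpacks it with no integrity check, after which the result is built and stored in the cache. Pinning the expected SHA-256 next to CMOCKA_VERSION and verifying it (for example with sha256sum -c) before unpacking would stop a changed tarball from being built and then reused from the cache under the same key.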
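Review bot: The new cache key in the actions/cache step ends in "}}--${{ env.CMOCKA_VERSION }}" with a doubled dash, unlike the single-dash separators used between the other components of the key. It works, but a single dash would keep the key format uniform.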
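Review bot: In the new mingw-unittest job the matrix ("osslver: [ 1.1.1q, 3.0.5 ]", "target: [ mingw64, mingw ]") is hard-coded while the artifact names it downloads are built from the mingw job's matrix values, so the two have to be kept in step by hand; a comment saying so, or shared values, would prevent a silent mismatch. The "Archive openvpn binary" step uploads under the same "-tests" artifact name as "Archive unittest artifacts" although its comment says the binary is not used by the unit tests; if merging into one artifact is intended the comment should say so, otherwise it needs its own name. The step names read "Run argvunit test", "Run auth_tokenunit test" and "Run packet idunit test"; a space appears to be missing before "unit".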
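Review bot: The final hunk only appends an empty line after "run: make check" at the end of build.yaml. It is unrelated to the unit-test change and can be dropped.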