From patchwork Sun Sep 22 14:15:37 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "ralf_lici (Code Review)" X-Patchwork-Id: 3851 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:10cd:b0:5b9:581e:f939 with SMTP id j13csp1728935mae; Sun, 22 Sep 2024 07:15:56 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCUQ4j+UpizGL1K3i1Y7p0X7c87GjlZROK/Y1U/j9hqijfGypq65qiFkHpX+3TZP0fksxqOlJ6xGMSw=@openvpn.net X-Google-Smtp-Source: AGHT+IHMpo1pbH8D8GE/SDadikcJPrWu5lHfWn27a6PbVVtL9P4OUPxIQTvBLRiqbIwaoYR9uOUc X-Received: by 2002:a05:6e02:1b0d:b0:3a0:9043:59ac with SMTP id e9e14a558f8ab-3a0c8d387bamr77240835ab.25.1727014556066; Sun, 22 Sep 2024 07:15:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1727014556; cv=none; d=google.com; s=arc-20240605; b=FYJklACnUQzhsHC+ygIt5/qOKNF/VSwW9xGju2+EPT1t2x3r0+SLKG7Gf6T+vEQbCT YP8W3aCx3t6TQye7IOLzeSKzzPCoEqL9dOThIXntMeNV2chOSxJtAzcUjzk0k6Aoim3T /g5oDiNgbuur/OUgxvZUcRaK80DW9uXzHeoJpBFihCN2bxc/sU+v6aIEZpDpCE/Qvp9a biH2zBY4PFsy9miE1InAISdGRVKSI7JrNiQBdUuVCH08pX3wILAFSs94qOuljsRyn54f 5OjjzEHdYmJxtvXEBkoR5o4MUaEF4JJLZcUwqG5KICIuSgUSERJsfEA176E6/NLjXZxY BioQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:cc:reply-to:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence:subject:user-agent :mime-version:message-id:references:auto-submitted:to:date:from :dkim-signature:dkim-signature:dkim-signature; bh=MOLdiBnD2oKO6pHBYKJs2C5EzpplsaEdHbeezNg/PP0=; fh=GFP4qDxgyJ2WEPo/oeLZg3Mj4NqvY1j2nTvTt7psNwg=; b=buE6lXeOV9sVxF+y/yZCys8beXer20PIAZA81MYMvvITfpW7tPVCnfu6AWEEqyGpYk V/fyvb9fPnPSnZOh1eLdn/S+kfJTXdsUeVlb8Th8T4bCAnPEx5BIeTb9nyjV3UMPTR4M fbg354MmmnJuioniOEMgUHZ6p6eDSXUAg3YSfBlZMUlay+ItKhNybpS22PDmP/JZC9t1 hsu+awSuWksH0WvbwOVF8ZHf8DVWM7IL3UmwglqDVU53py/Cj296xaYcSPfFJhXMSlRt Gkf9i68fVPaFazBEaz4bXtZmY0SFOHmssUwdITjANsDS12yV69joBJVZFOo+uLk3Fe+1 tnJA==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=hdARPkhW; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=dPWSzD8F; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=VUy+thin; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net; dara=fail header.i=@openvpn.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 8926c6da1cb9f-4d37ebdffc3si8493603173.15.2024.09.22.07.15.55 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 22 Sep 2024 07:15:56 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=hdARPkhW; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=dPWSzD8F; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=VUy+thin; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net; dara=fail header.i=@openvpn.net Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1ssNNN-000559-Pi; Sun, 22 Sep 2024 14:15:49 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1ssNNL-000552-Cw for openvpn-devel@lists.sourceforge.net; Sun, 22 Sep 2024 14:15:47 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Type:Content-Transfer-Encoding:MIME-Version :Message-ID:Reply-To:References:Subject:List-Unsubscribe:List-Id:Cc:To:Date: From:Sender:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help: List-Subscribe:List-Post:List-Owner:List-Archive; bh=g9KCBrnbR2aKAPVG4DnFKh6VSyGGKOf35qqAw05OT4g=; b=hdARPkhWcTXr71VfRKE2bVWOfo GIx5VmssHJFwbtWmeJx9jC47r4VcB+9IVM3bcNYidNuRZoV/ns9ba8bnNMiykVykfE6J44Ug/GhlK S0YhrIM0Pfa+m6R78LpNiO7efhS+WOhhCowixNwTgVcVLHKrnwZZCX2csjk2uZH9WTdQ=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Type:Content-Transfer-Encoding:MIME-Version:Message-ID:Reply-To: References:Subject:List-Unsubscribe:List-Id:Cc:To:Date:From:Sender:Content-ID :Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To: Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help:List-Subscribe:List-Post: List-Owner:List-Archive; bh=g9KCBrnbR2aKAPVG4DnFKh6VSyGGKOf35qqAw05OT4g=; b=d PWSzD8FwvHbS36MNnSaQp3udsiq8xMCJgEkltOeY8smyM1B1J5oZbAndcNPrOG7Ep0W/FASbX+G/B wGEPKCpET/fINyiT2U8zcvLXE8MI/cTb71WMsCBMVwhdLfXg2fNVcdG9sg8wDOK6rY+VoOhh4Bwnv KJ6Mfm0YdQWr1j84=; Received: from mail-wm1-f43.google.com ([209.85.128.43]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1ssNNJ-00006f-E7 for openvpn-devel@lists.sourceforge.net; Sun, 22 Sep 2024 14:15:47 +0000 Received: by mail-wm1-f43.google.com with SMTP id 5b1f17b1804b1-42cb7a2e4d6so31181385e9.0 for ; Sun, 22 Sep 2024 07:15:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=openvpn.net; s=google; t=1727014539; x=1727619339; darn=lists.sourceforge.net; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from:from:to:cc :subject:date:message-id:reply-to; bh=g9KCBrnbR2aKAPVG4DnFKh6VSyGGKOf35qqAw05OT4g=; b=VUy+thin/MUxrOgIY8QOwbBj/LDvxeLE+K1a3UekUENivcEof70gl+bMcvfWndWeCc rkiL43T8418dVUgGSOxV3Y192Egl1TjAr61RSbQhb6oWooWgGQAAenbt3VOhhB7Vg+tp RIN82+RE42E126TPrB2/rRVcIhgmTW/XAQSQ9xdhSq6e4b1clYtwUNjnUIbgnj+Dj/l0 soT2aqJw/R8V2E7ClbkIS9aBgt6i5ZXC2OuJ5E+dE8iAPs+J1hF7DN86mwwer75ABp+r TpY85Rv8/c0QaCaT8xEGmkIvuyJRQlGbcPwia7kCIJG00dgGwhDqH4QiBK2DiQbnqbcK Vi4g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1727014539; x=1727619339; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=g9KCBrnbR2aKAPVG4DnFKh6VSyGGKOf35qqAw05OT4g=; b=lBnBe7o6gVjwy3P/2WBk5TLJDBvRMf7ax6s3YF+47955k4TbQNZZK9nJvDpk77dnq1 9z8+UNTYDK6HGgJScu9VjsFFd0fLZLRfnacnfTHirT68bKfITWO/6H0AvicVet9sFukS CwWMoM3TGnSGCWWZC46C3S0Mwd+BeCVOdhmrzZwcGGyXlXSsWc31ULYH+qVGr4SMed5v aJcWmMjW4yNYncBRDQjw/H0EVzanc66E9Biq1gC6RlIiPYxx50uZW9hpg8p8QvNCBbIs dM+InTBHRdNHoDDnztfcoA6vchC/Iz9I0JMGBpGHYuh/0COhCkCnAzsR8waav5OQ6kvZ TlwA== X-Gm-Message-State: AOJu0YxsxPHf/NbucVbRRB77/+hw8+jV7W5DeoLA5/TZOUh3lse8fFLM z2ig4GNMc7nFOy3xDpcc61eZdxdag/nFeeX+7Uf6oOr/tfi7zOhHzmjgfxXjtbJ3uA5SSZ7ac/n 7 X-Received: by 2002:a05:600c:548e:b0:42c:b7e2:3bc3 with SMTP id 5b1f17b1804b1-42e7ac244f3mr66463545e9.19.1727014538699; Sun, 22 Sep 2024 07:15:38 -0700 (PDT) Received: from gerrit.openvpn.in (ec2-18-159-0-78.eu-central-1.compute.amazonaws.com. [18.159.0.78]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-378e78002fcsm22165681f8f.66.2024.09.22.07.15.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 22 Sep 2024 07:15:38 -0700 (PDT) From: "flichtenheld (Code Review)" X-Google-Original-From: "flichtenheld (Code Review)" X-Gerrit-PatchSet: 1 Date: Sun, 22 Sep 2024 14:15:37 +0000 To: plaisthos Auto-Submitted: auto-generated X-Gerrit-MessageType: newchange X-Gerrit-Change-Id: I402ba016b75cfcfec4fc8b2b01cc4eca7e2bcc60 X-Gerrit-Change-Number: 755 X-Gerrit-Project: openvpn X-Gerrit-ChangeURL: X-Gerrit-Commit: f61745d999b1c6fa1fb22084703bdea52bb5cc6f References: Message-ID: MIME-Version: 1.0 User-Agent: Gerrit/3.8.2 X-Spam-Score: -1.1 (-) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Attention is currently required from: plaisthos. Hello plaisthos, I'd like you to do a code review. Please visit Content analysis details: (-1.1 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.9 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.128.43 listed in wl.mailspike.net] -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.128.43 listed in list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record 0.0 WEIRD_PORT URI: Uses non-standard port number for HTTP 0.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted Colors in HTML X-Headers-End: 1ssNNJ-00006f-E7 Subject: [Openvpn-devel] [L] Change in openvpn[master]: Remove support for compression on send X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: frank@lichtenheld.com, arne-openvpn@rfc2549.org, openvpn-devel@lists.sourceforge.net Cc: openvpn-devel Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1810906014905737961?= X-GMAIL-MSGID: =?utf-8?q?1810906014905737961?= X-getmail-filter-classifier: gerrit message type newchange Attention is currently required from: plaisthos. Hello plaisthos, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/755?usp=email to review the following change. Change subject: Remove support for compression on send ...................................................................... Remove support for compression on send We can't disable compression support on receive because that would break too many configurations out there. But we can remove the support for compressing outgoing traffic, it was disabled by default anyway. Makes --allow-compression yes is an alias for --allow-compression asym and removes all resulting dead code. Change-Id: I402ba016b75cfcfec4fc8b2b01cc4eca7e2bcc60 Signed-off-by: Frank Lichtenheld --- M Changes.rst M src/openvpn/comp-lz4.c M src/openvpn/comp.h M src/openvpn/dco.c M src/openvpn/lzo.c M src/openvpn/options.c 6 files changed, 19 insertions(+), 269 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/55/755/1 diff --git a/Changes.rst b/Changes.rst index 439352a..b9287ce 100644 --- a/Changes.rst +++ b/Changes.rst @@ -46,6 +46,12 @@ Support for building with OpenSSL 1.0.2 has been removed. The minimum supported OpenSSL version is now 1.1.0. +Compression on send + OpenVPN 2.7 will never compress data before sending. Decompression of + received data is still supported. + ``--allow-compression yes`` is now an alias for + ``--allow-compression asym``. + Overview of changes in 2.6 ========================== diff --git a/src/openvpn/comp-lz4.c b/src/openvpn/comp-lz4.c index ac020a4..f9eee11 100644 --- a/src/openvpn/comp-lz4.c +++ b/src/openvpn/comp-lz4.c @@ -55,129 +55,11 @@ { } -static bool -do_lz4_compress(struct buffer *buf, - struct buffer *work, - struct compress_context *compctx, - const struct frame *frame) -{ - /* - * In order to attempt compression, length must be at least COMPRESS_THRESHOLD. - * and asymmetric compression must be disabled - */ - if (buf->len >= COMPRESS_THRESHOLD && (compctx->flags & COMP_F_ALLOW_COMPRESS)) - { - const size_t ps = frame->buf.payload_size; - int zlen_max = ps + COMP_EXTRA_BUFFER(ps); - int zlen; - - ASSERT(buf_init(work, frame->buf.headroom)); - ASSERT(buf_safe(work, zlen_max)); - - if (buf->len > ps) - { - dmsg(D_COMP_ERRORS, "LZ4 compression buffer overflow"); - buf->len = 0; - return false; - } - - zlen = LZ4_compress_default((const char *)BPTR(buf), (char *)BPTR(work), BLEN(buf), zlen_max); - - if (zlen <= 0) - { - dmsg(D_COMP_ERRORS, "LZ4 compression error"); - buf->len = 0; - return false; - } - - ASSERT(buf_safe(work, zlen)); - work->len = zlen; - - - dmsg(D_COMP, "LZ4 compress %d -> %d", buf->len, work->len); - compctx->pre_compress += buf->len; - compctx->post_compress += work->len; - return true; - } - return false; -} - - static void lz4_compress(struct buffer *buf, struct buffer work, struct compress_context *compctx, const struct frame *frame) { - bool compressed; - if (buf->len <= 0) - { - return; - } - - compressed = do_lz4_compress(buf, &work, compctx, frame); - - /* On error do_lz4_compress sets buf len to zero, just return */ - if (buf->len == 0) - { - return; - } - - /* did compression save us anything? */ - { - uint8_t comp_head_byte = NO_COMPRESS_BYTE_SWAP; - if (compressed && work.len < buf->len) - { - *buf = work; - comp_head_byte = LZ4_COMPRESS_BYTE; - } - - { - uint8_t *head = BPTR(buf); - uint8_t *tail = BEND(buf); - ASSERT(buf_safe(buf, 1)); - ++buf->len; - - /* move head byte of payload to tail */ - *tail = *head; - *head = comp_head_byte; - } - } -} - - -static void -lz4v2_compress(struct buffer *buf, struct buffer work, - struct compress_context *compctx, - const struct frame *frame) -{ - bool compressed; - if (buf->len <= 0) - { - return; - } - - compressed = do_lz4_compress(buf, &work, compctx, frame); - - /* On Error just return */ - if (buf->len == 0) - { - return; - } - - /* did compression save us anything? Include 2 byte compression header - * in calculation */ - if (compressed && work.len + 2 < buf->len) - { - ASSERT(buf_prepend(&work, 2)); - uint8_t *head = BPTR(&work); - head[0] = COMP_ALGV2_INDICATOR_BYTE; - head[1] = COMP_ALGV2_LZ4_BYTE; - *buf = work; - } - else - { - compv2_escape_data_ifneeded(buf); - } } static void @@ -305,7 +187,7 @@ "lz4v2", lz4v2_compress_init, lz4_compress_uninit, - lz4v2_compress, + lz4_compress, lz4v2_decompress }; #endif /* ENABLE_LZ4 */ diff --git a/src/openvpn/comp.h b/src/openvpn/comp.h index 267f680b..decf0d9 100644 --- a/src/openvpn/comp.h +++ b/src/openvpn/comp.h @@ -33,7 +33,8 @@ /* Compression flags */ #define COMP_F_ADAPTIVE (1<<0) /* COMP_ALG_LZO only */ -#define COMP_F_ALLOW_COMPRESS (1<<1) /* not only downlink is compressed but also uplink */ +/*Removed */ +/*#define COMP_F_ALLOW_COMPRESS (1<<1) / * not only downlink is compressed but also uplink * / */ #define COMP_F_SWAP (1<<2) /* initial command byte is swapped with last byte in buffer to preserve payload alignment */ #define COMP_F_ADVERTISE_STUBS_ONLY (1<<3) /* tell server that we only support compression stubs */ #define COMP_F_ALLOW_STUB_ONLY (1<<4) /* Only accept stub compression, even with COMP_F_ADVERTISE_STUBS_ONLY diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c index 7f0d53d..49f08d6 100644 --- a/src/openvpn/dco.c +++ b/src/openvpn/dco.c @@ -413,8 +413,7 @@ #if defined(USE_COMP) if (o->comp.alg != COMP_ALG_UNDEF - || o->comp.flags & COMP_F_ALLOW_ASYM - || o->comp.flags & COMP_F_ALLOW_COMPRESS) + || o->comp.flags & COMP_F_ALLOW_ASYM) { msg(msglevel, "Note: '--allow-compression' is not set to 'no', disabling data channel offload."); diff --git a/src/openvpn/lzo.c b/src/openvpn/lzo.c index bab2d78..a3cf3c1 100644 --- a/src/openvpn/lzo.c +++ b/src/openvpn/lzo.c @@ -39,54 +39,6 @@ #include "memdbg.h" -/** - * Perform adaptive compression housekeeping. - * - * @param ac the adaptive compression state structure. - * - * @return - */ -static bool -lzo_adaptive_compress_test(struct lzo_adaptive_compress *ac) -{ - const bool save = ac->compress_state; - const time_t local_now = now; - - if (!ac->compress_state) - { - if (local_now >= ac->next) - { - if (ac->n_total > AC_MIN_BYTES - && (ac->n_total - ac->n_comp) < (ac->n_total / (100 / AC_SAVE_PCT))) - { - ac->compress_state = true; - ac->next = local_now + AC_OFF_SEC; - } - else - { - ac->next = local_now + AC_SAMP_SEC; - } - dmsg(D_COMP, "lzo_adaptive_compress_test: comp=%d total=%d", ac->n_comp, ac->n_total); - ac->n_total = ac->n_comp = 0; - } - } - else - { - if (local_now >= ac->next) - { - ac->next = local_now + AC_SAMP_SEC; - ac->n_total = ac->n_comp = 0; - ac->compress_state = false; - } - } - - if (ac->compress_state != save) - { - dmsg(D_COMP_LOW, "Adaptive compression state %s", (ac->compress_state ? "OFF" : "ON")); - } - - return !ac->compress_state; -} static inline void lzo_adaptive_compress_data(struct lzo_adaptive_compress *ac, int n_total, int n_comp) @@ -118,92 +70,13 @@ compctx->wu.lzo.wmem = NULL; } -static inline bool -lzo_compression_enabled(struct compress_context *compctx) -{ - if (!(compctx->flags & COMP_F_ALLOW_COMPRESS)) - { - return false; - } - else - { - if (compctx->flags & COMP_F_ADAPTIVE) - { - return lzo_adaptive_compress_test(&compctx->wu.lzo.ac); - } - else - { - return true; - } - } -} - static void lzo_compress(struct buffer *buf, struct buffer work, struct compress_context *compctx, const struct frame *frame) { - lzo_uint zlen = 0; - int err; - bool compressed = false; - - if (buf->len <= 0) - { - return; - } - - /* - * In order to attempt compression, length must be at least COMPRESS_THRESHOLD, - * and our adaptive level must give the OK. - */ - if (buf->len >= COMPRESS_THRESHOLD && lzo_compression_enabled(compctx)) - { - const size_t ps = frame->buf.payload_size; - ASSERT(buf_init(&work, frame->buf.headroom)); - ASSERT(buf_safe(&work, ps + COMP_EXTRA_BUFFER(ps))); - - if (buf->len > ps) - { - dmsg(D_COMP_ERRORS, "LZO compression buffer overflow"); - buf->len = 0; - return; - } - - err = LZO_COMPRESS(BPTR(buf), BLEN(buf), BPTR(&work), &zlen, compctx->wu.lzo.wmem); - if (err != LZO_E_OK) - { - dmsg(D_COMP_ERRORS, "LZO compression error: %d", err); - buf->len = 0; - return; - } - - ASSERT(buf_safe(&work, zlen)); - work.len = zlen; - compressed = true; - - dmsg(D_COMP, "LZO compress %d -> %d", buf->len, work.len); - compctx->pre_compress += buf->len; - compctx->post_compress += work.len; - - /* tell adaptive level about our success or lack thereof in getting any size reduction */ - if (compctx->flags & COMP_F_ADAPTIVE) - { - lzo_adaptive_compress_data(&compctx->wu.lzo.ac, buf->len, work.len); - } - } - - /* did compression save us anything ? */ - if (compressed && work.len < buf->len) - { - uint8_t *header = buf_prepend(&work, 1); - *header = LZO_COMPRESS_BYTE; - *buf = work; - } - else - { - uint8_t *header = buf_prepend(buf, 1); - *header = NO_COMPRESS_BYTE; - } + uint8_t *header = buf_prepend(buf, 1); + *header = NO_COMPRESS_BYTE; } static void diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 649f48b..4745ddf 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -5715,17 +5715,10 @@ { if (comp_non_stub_enabled(info)) { - /* - * Check if already displayed the strong warning and enabled full - * compression - */ - if (!(info->flags & COMP_F_ALLOW_COMPRESS)) - { - msg(M_WARN, "WARNING: Compression for receiving enabled. " - "Compression has been used in the past to break encryption. " - "Sent packets are not compressed unless \"allow-compression yes\" " - "is also set."); - } + msg(M_WARN, "WARNING: Compression for receiving enabled. " + "Compression has been used in the past to break encryption. " + "Compression support is deprecated and we recommend to disable " + "it completely."); } } @@ -8435,18 +8428,14 @@ } else if (streq(p[1], "asym")) { - options->comp.flags &= ~COMP_F_ALLOW_COMPRESS; options->comp.flags |= COMP_F_ALLOW_ASYM; } else if (streq(p[1], "yes")) { - msg(M_WARN, "WARNING: Compression for sending and receiving enabled. Compression has " - "been used in the past to break encryption. Allowing compression allows " - "attacks that break encryption. Using \"--allow-compression yes\" is " - "strongly discouraged for common usage. See --compress in the manual " - "page for more information "); + msg(M_WARN, "DEPRECATED OPTION: \"--allow-compression yes\" has been removed. " + "We will use \"asym\" mode instead. See the manual page for more information."); - options->comp.flags |= COMP_F_ALLOW_COMPRESS; + options->comp.flags |= COMP_F_ALLOW_ASYM; } else {