From patchwork Mon May 19 13:34:08 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 4259 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7001:16c2:b0:662:a395:de2b with SMTP id bp2csp665127mac; Mon, 19 May 2025 06:34:36 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCVZMZwRfGVazd348WsV2n2vHKWmaKdcYNSbfJgXITkxUStrurcSdBiqYWsiPDlV3H553M6ZOdiFOHI=@openvpn.net X-Google-Smtp-Source: AGHT+IHYdOZYKdfd2H770/nNW3Qg2vkiQ9V2+u1o+tjxyi9vqhJkprEG4pxbo7Jv4cX7LHzvf/yY X-Received: by 2002:a05:6e02:3c02:b0:3d8:1dc7:ca7a with SMTP id e9e14a558f8ab-3db84296d9amr141258985ab.5.1747661676108; Mon, 19 May 2025 06:34:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1747661676; cv=none; d=google.com; s=arc-20240605; b=VDyNDtTYTBl08tyGlp/Mu3QSXccrLxnjolUHxOsOWXqyDzrAxQ07/feFlsDCs9jpkJ k2W2AwXZz2VTAHoD7cpkZ2xSOvdBdcLyTafSbEn6qUOOvZAjHKgD6HmcURXDKAu5T6VA Xdnk9t7Mm9z3NBSjs4rDUOvpD3iq9mlhUJEttWM1MINQcLUS8VkvlzCWgKF9KcAO6oVR lpJOHNHWF59R2J0xUcTA6iH8dVwWjt3f7etpkCSaf8AOLI/BywGjtDYwFWDdFYTLAYyF ZpVKbrGLWLxvwXAFrMRwcRzgPJeRRI/AUjFM78p4VlI6NNnMxSGRrlxvCbM2u8jHYumh n+JQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=Lx+PhCqEeOTXHEdZq4wjfFLe3b0uMbT0+oyrAk/h2P4=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=AlDX/WSS/EHV35e+SDfuXmoZ7QS52f38McIv+ZlejmxUggSzBRWZUvMkE6GbfhA2vU fmDTSnefpdXyCOxxNXgFPdDwYA2Vv+tr1PrEqZp5YueARhKtgDzA6dfq6y93yZtzSad5 elTdm8bpuBECXNFrhCy4Bj+vLjt2sTzg/oFLiUfDpmkNAetUm4iXauPlK86+ayXhXilX FST224MZ42qoe9YOhrL7qWG1uoljCDWHJ0N17kN9oMMYAekt7K8lbgrGnkJH3Knzejwq N7lySfVeHCPAd2GBaAeRdikJursHWfaEMAuccyf1PzqFfB2akquMt1uBDVlSQZc3Idfr tqRw==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=Cm2UVfA3; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=Sf7kJihA; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b="Q/Vt6/R0"; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id e9e14a558f8ab-3db84398376si36446635ab.26.2025.05.19.06.34.35 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 19 May 2025 06:34:35 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=Cm2UVfA3; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=Sf7kJihA; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b="Q/Vt6/R0"; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=Lx+PhCqEeOTXHEdZq4wjfFLe3b0uMbT0+oyrAk/h2P4=; b=Cm2UVfA31tgcXVY4iMVxVTVbnR bF/hAweU6PKdluoWcAKj34ABUuKZG6ht+XYASE7bYMJ0jdJIvuvTP3NPc3wsgYplvRMbwa8DagTaY TihQUshcjf+tLrK644EaGEeGRsBbfp6UHWSUhvAgU/Rkeav3wK9pCxBk5APOx6/dVQLk=; Received: from [127.0.0.1] (helo=sfs-ml-3.v29.lw.sourceforge.com) by sfs-ml-3.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1uH0dT-0002LO-9S; Mon, 19 May 2025 13:34:31 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-3.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1uH0dR-0002LI-8k for openvpn-devel@lists.sourceforge.net; Mon, 19 May 2025 13:34:29 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=sdeDDFCn0XW2kwut/ajnMg5EDNvkCl3hJONvZ/Smylc=; b=Sf7kJihAauZee+YGceynWKEJ12 aPoupZ6rMALKMCT1xQTxlXgMWJ72OD1jysrA4AaPg/4cRmi82OlQOEzSDJRK+/O+VbXZZk3OGALr1 QQpiUujoGzxQ0xONDAxzzcMHfiyOp7SmAxINOOHYhQWsRBEnzosfC1iH6WOg43uih3Yw=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=sdeDDFCn0XW2kwut/ajnMg5EDNvkCl3hJONvZ/Smylc=; b=Q/Vt6/R0cFgKtoqYRIAs6a76Wy LlbZSuwXgKlxpOF2lXbNlL+cL18LfBPboi9OhIGFwuDbOG4G0w/DclJAhQe3wF3TkvZcAE+OiiIO5 GVubiFRXfPe+O5VAb52qxJx0APGWnH+TTjYhtkJ/ot7t2V6G1bKoIfeAQV5X5KrNZ/9o=; Received: from [193.149.48.143] (helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1uH0dP-00057N-BT for openvpn-devel@lists.sourceforge.net; Mon, 19 May 2025 13:34:29 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.17.1.9/8.17.1.9) with ESMTP id 54JDYFtm013860 for ; Mon, 19 May 2025 15:34:15 +0200 Received: (from gert@localhost) by blue.greenie.muc.de (8.17.1.9/8.17.1.9/Submit) id 54JDYFx7013859 for openvpn-devel@lists.sourceforge.net; Mon, 19 May 2025 15:34:15 +0200 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Mon, 19 May 2025 15:34:08 +0200 Message-ID: <20250519133414.13843-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.49.0 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: 1.7 (+) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Frank Lichtenheld This fixes almost all of the remaining warnings in our doxygen. Mostly about missing parameters in otherwise documented functions (completely undocumented functions do not cause warnings). Content analysis details: (1.7 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [193.149.48.143 listed in sa-accredit.habeas.com] 0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [193.149.48.143 listed in bl.score.senderscore.com] 0.4 NO_DNS_FOR_FROM DNS: Envelope sender has no MX or A DNS records 0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail) [SPF failed: Rejected by SPF record] 0.0 SPF_NONE SPF: sender does not publish an SPF Record 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS X-Headers-End: 1uH0dP-00057N-BT Subject: [Openvpn-devel] [PATCH v5] Doxygen: Fix missing parameter warnings X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1832556089910926934?= X-GMAIL-MSGID: =?utf-8?q?1832556089910926934?= From: Frank Lichtenheld This fixes almost all of the remaining warnings in our doxygen. Mostly about missing parameters in otherwise documented functions (completely undocumented functions do not cause warnings). Other changes: - Exclude out/ directory (used by CMakePresets.json) - Output doxygen warnings into a separate file, which can be used by CI systems to check for new warnings - Increase DOT_GRAPH_MAX_NODES to avoid warnings about some of the central header files (syshead.h and buffer.h) Change-Id: I3bf775bbdea742575210606e174ccafe840677c9 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/848 This mail reflects revision 5 of this Change. Acked-by according to Gerrit (reflected above): Arne Schwabe diff --git a/doc/doxygen/openvpn.doxyfile.in b/doc/doxygen/openvpn.doxyfile.in index 573b7c2..dd5f08f 100644 --- a/doc/doxygen/openvpn.doxyfile.in +++ b/doc/doxygen/openvpn.doxyfile.in @@ -852,7 +852,7 @@ # messages should be written. If left blank the output is written to standard # error (stderr). -WARN_LOGFILE = +WARN_LOGFILE = @abs_top_builddir@/doc/doxygen.warnings.log #--------------------------------------------------------------------------- # Configuration options related to the input files @@ -938,7 +938,7 @@ # Note that relative paths are relative to the directory from which doxygen is # run. -EXCLUDE = +EXCLUDE = @abs_top_srcdir@/out/ # The EXCLUDE_SYMLINKS tag can be used to select whether or not files or # directories that are symbolic links (a Unix file system feature) are excluded @@ -2600,7 +2600,7 @@ # Minimum value: 0, maximum value: 10000, default value: 50. # This tag requires that the tag HAVE_DOT is set to YES. -DOT_GRAPH_MAX_NODES = 50 +DOT_GRAPH_MAX_NODES = 150 # The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the graphs # generated by dot. A depth value of 3 means that only nodes reachable from the diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index af1d008..ea8cce1 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -1523,10 +1523,10 @@ * IPv6 packet in buf and sends it directly back to the client via the tun * device when used on a client and via the link if used on the server. * - * @param buf - The buf containing the packet for which the icmp6 - * unreachable should be constructed. - * - * @param client - determines whether to the send packet back via tun or link + * @param c Tunnel context + * @param buf The buf containing the packet for which the icmp6 + * unreachable should be constructed. + * @param client Determines whether to the send packet back via tun or link */ void ipv6_send_icmp_unreachable(struct context *c, struct buffer *buf, bool client) diff --git a/src/openvpn/fragment.h b/src/openvpn/fragment.h index 3cd0ee7..66994bb 100644 --- a/src/openvpn/fragment.h +++ b/src/openvpn/fragment.h @@ -454,10 +454,11 @@ * packets which have not yet been reassembled completely but are already * older than their time-to-live. * - * @param f - The \c fragment_master structure for this VPN - * tunnel. - * @param frame - The packet geometry parameters for this VPN - * tunnel. + * @param[in] f The \c fragment_master structure for this VPN + * tunnel. + * @param[in] frame The packet geometry parameters for this VPN + * tunnel. + * @param[out] tv Will be set to time for next housekeeping. */ static inline void fragment_housekeeping(struct fragment_master *f, struct frame *frame, struct timeval *tv) diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c index 0e73942..6baedb7 100644 --- a/src/openvpn/manage.c +++ b/src/openvpn/manage.c @@ -1059,8 +1059,9 @@ * @param man The management interface struct * @param cid_str The CID in string form * @param kid_str The key ID in string form - * @param extra The string to be send to the client containing + * @param extra The string to be sent to the client containing * the information of the additional steps + * @param timeout_str The timeout value in string form */ static void man_client_pending_auth(struct management *man, const char *cid_str, diff --git a/src/openvpn/mudp.h b/src/openvpn/mudp.h index 37752e1..2fa4c4d 100644 --- a/src/openvpn/mudp.h +++ b/src/openvpn/mudp.h @@ -46,12 +46,13 @@ * it. If no entry exists, this function handles its creation, and if * successful, returns the newly created instance. * - * @param m - The single multi_context structure. - * @param sock - Listening socket where this instance is connecting to + * @param m The single multi_context structure. + * @param[out] floated Returns whether the client has floated. + * @param sock Listening socket where this instance is connecting to * * @return A pointer to a multi_instance if one already existed for the * packet's source address or if one was a newly created successfully. - * NULL if one did not yet exist and a new one was not created. + * NULL if one did not yet exist and a new one was not created. */ struct multi_instance *multi_get_create_instance_udp(struct multi_context *m, bool *floated, struct link_socket *sock); diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index a673ec1..8810f9e 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -4241,7 +4241,7 @@ * Main event loop for OpenVPN in point-to-multipoint server mode. * @ingroup eventloop * - * @param top - Top-level context structure. + * @param multi context structure */ static void tunnel_server_loop(struct multi_context *multi) diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 99dd60a..31d07d8 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -3508,6 +3508,7 @@ * altered to guarantee compatibility with the version specified by the * user via --compat-mode. * + * @param o Options state * @param version need compatibility with openvpn versions before the * one specified (20401 = before 2.4.1) * @return whether compatibility should be enabled diff --git a/src/openvpn/ssl.h b/src/openvpn/ssl.h index c32cb6c..c158b35 100644 --- a/src/openvpn/ssl.h +++ b/src/openvpn/ssl.h @@ -281,13 +281,14 @@ * packet is inserted into the Reliability Layer and will be handled * later. * - * @param multi - The TLS multi structure associated with the VPN tunnel + * @param[in] multi The TLS multi structure associated with the VPN tunnel * of this packet. - * @param from - The source address of the packet. - * @param buf - A buffer structure containing the incoming packet. - * @param opt - Returns a crypto options structure with the appropriate security - * parameters to handle the packet if it is a data channel packet. - * @param ad_start - Returns a pointer to the start of the authenticated data of + * @param[in] from The source address of the packet. + * @param[in] buf buffer structure containing the incoming packet. + * @param[out] opt Returns a crypto options structure with the appropriate + * security parameters to handle the packet if it is a data channel packet. + * @param[in] floated Set whether the peer is allowed to have floated. + * @param[out] ad_start Returns a pointer to the start of the authenticated data * of this packet * * @return diff --git a/src/openvpn/ssl_backend.h b/src/openvpn/ssl_backend.h index e25727f..21abacc 100644 --- a/src/openvpn/ssl_backend.h +++ b/src/openvpn/ssl_backend.h @@ -241,6 +241,8 @@ * a string containing the information in the case * of inline files. * @param pkcs12_file_inline True if pkcs12_file is an inline file. + * @param load_ca_file True if CAs from the file should be added to + * the cert store and be trusted. * * @return 1 if an error occurred, 0 if parsing was * successful. @@ -313,6 +315,9 @@ * inline files. * @param ca_file_inline True if ca_file is an inline file * @param ca_path The path to load the CAs from + * @param tls_server True if we are the server side of the TLS + * connection and should use the CA for verifying + * client certificates */ void tls_ctx_load_ca(struct tls_root_ctx *ctx, const char *ca_file, bool ca_file_inline, const char *ca_path, bool tls_server); diff --git a/src/openvpn/ssl_ncp.h b/src/openvpn/ssl_ncp.h index 36be65b..d2e8300 100644 --- a/src/openvpn/ssl_ncp.h +++ b/src/openvpn/ssl_ncp.h @@ -66,7 +66,10 @@ * Make sure to call tls_session_update_crypto_params() after calling this * function. * - * @param gc gc arena that is ONLY used to allocate the returned string + * @param server_list Our own cipher list + * @param peer_info Peer information + * @param remote_cipher Fallback cipher, ignored if peer sent \c IV_CIPHERS + * @param gc gc arena that is used to allocate the returned string * * @returns NULL if no common cipher is available, otherwise the best common * cipher diff --git a/src/openvpn/ssl_pkt.c b/src/openvpn/ssl_pkt.c index 689cd7f..e573859 100644 --- a/src/openvpn/ssl_pkt.c +++ b/src/openvpn/ssl_pkt.c @@ -295,8 +295,8 @@ /* * This function is similar to tls_pre_decrypt, except it is called * when we are in server mode and receive an initial incoming - * packet. Note that we don't modify - * any state in our parameter objects. The purpose is solely to + * packet. Note that we don't modify any state in our parameter + * objects except state. The purpose is solely to * determine whether we should generate a client instance * object, in which case true is returned. * diff --git a/src/openvpn/ssl_pkt.h b/src/openvpn/ssl_pkt.h index b2c4b37..d5a5a2c 100644 --- a/src/openvpn/ssl_pkt.h +++ b/src/openvpn/ssl_pkt.h @@ -109,10 +109,6 @@ struct session_id server_session_id; }; -/** - * - * @param state - */ void free_tls_pre_decrypt_state(struct tls_pre_decrypt_state *state); /** @@ -137,10 +133,11 @@ * * This function is only used in the UDP p2mp server code path * - * @param tas - The standalone TLS authentication setting structure for + * @param[in] tas The standalone TLS authentication setting structure for * this process. - * @param from - The source address of the packet. - * @param buf - A buffer structure containing the incoming packet. + * @param[out] state The state struct to store information in. + * @param[in] from The source address of the packet. + * @param[in] buf buffer structure containing the incoming packet. * * @return * @li True if the packet is valid and a new VPN tunnel should be created diff --git a/src/openvpn/ssl_util.h b/src/openvpn/ssl_util.h index 71a37d4..25f169c 100644 --- a/src/openvpn/ssl_util.h +++ b/src/openvpn/ssl_util.h @@ -39,6 +39,7 @@ * * @param peer_info The peer's peer_info * @param var The variable *including* =, e.g. IV_CIPHERS= + * @param gc GC arena to allocate return value in * * @return The content of the variable as NULL terminated string or NULL if the * variable cannot be found. diff --git a/src/openvpn/ssl_verify.h b/src/openvpn/ssl_verify.h index eba3832..3eb4082 100644 --- a/src/openvpn/ssl_verify.h +++ b/src/openvpn/ssl_verify.h @@ -153,7 +153,7 @@ /** * Sets the common name field for the given tunnel * - * @param multi The tunnel to set the common name for + * @param session The session to set the common name for * @param common_name The name to set the common name to */ void diff --git a/src/openvpn/tls_crypt.h b/src/openvpn/tls_crypt.h index e98aae7..d6d4fba 100644 --- a/src/openvpn/tls_crypt.h +++ b/src/openvpn/tls_crypt.h @@ -204,6 +204,7 @@ * @param buf Buffer containing a received P_CONTROL_HARD_RESET_CLIENT_V3 * message. * @param ctx tls-wrap context to be initialized with the client key. + * @param opt TLS options, used for \c tls-crypt-v2-verify script. * * @returns true if a key was successfully extracted. */