From patchwork Mon May 19 14:35:44 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 4260 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7001:16c2:b0:662:a395:de2b with SMTP id bp2csp706521mac; Mon, 19 May 2025 07:36:12 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCVDbiuQgSkqW6cB5uvWSmaiGASV4l4xaBzLGzk+gnew6kFIadDB6MRV2CkjrOa7V0Iq/qUPPMvSD3w=@openvpn.net X-Google-Smtp-Source: AGHT+IESBj8KtYOv47oee3XDFNrxfObF2jqSB6O+sKiGR46Xes3Ud1zM6LXrDeJrv7n88iWPLbA8 X-Received: by 2002:a05:6e02:1a2f:b0:3dc:7660:9efe with SMTP id e9e14a558f8ab-3dc7660a1b3mr14698395ab.9.1747665372674; Mon, 19 May 2025 07:36:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1747665372; cv=none; d=google.com; s=arc-20240605; b=MJbKvX7OGx3EyNyxTkrwS15gPnO1IOXcMiHkAO+UWZNuYjA16141DYgOFiaXMaU5Mw 2lcA4ZPl3zpev56ovTohdvbEAh56JOJOLpirpbDdd/z5EX9IiG+5DUGjXV4POnxKL5SW OKjvZMCwWo9b66vBZabiFaYPMKb/L+nUr+ci9oUFe3yCA4zWGqDw5p5YA5JaqVbF0fzU SHJUfmwtHoyyJARQpf7ekleBR9TA22GA7XYq3fNTtF8hjbn6+wKKxmeSbb+BcIrH3eAw Shhhl+IFUT+6iKFsxL/t/w2zKXOJoDIjsK9qhtzViy2BmpXUEkgEwABCRCXxJ8yd1hyi VA4g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=+WgHJLOc8fZP+9JkZ6ap/zX1+iqnAcCZvg/OXwJ9uWQ=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=Pw7u0yXKQaGcI2EMcfgQiOCIRf9W3vrDBQlFgbIyHdgEL/X8VbMMB3qINCE2aGVAWb HOvoldxO8sUucZtjwCeHxfv2cq5rY8JXnRUx324bLPJ/ITK0USv1vLw/i/duyoms766+ jhcOfe8DYnP9EaFN1But3p+4xtwkbECGWmLzKAPuxl8coB0yRuGxA/lXqI8eCYyW3L/4 MXITk4QmG7y2GUOjSr8xTmgg6V9mhbRuapMoe6fmv51y8WmMCd87KF0TqGHPAZMXBFpy AOJjDqyC77Yk3zp1roFukeSMpK5E5697/z2QcVaqShhj1Ks8+vlHz6+AKBGS23O8fm+J BnhQ==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=cSzngGLe; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=G7HWWrF6; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=PhiMYCly; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id e9e14a558f8ab-3db84395dcbsi86527015ab.20.2025.05.19.07.36.12 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 19 May 2025 07:36:12 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=cSzngGLe; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=G7HWWrF6; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=PhiMYCly; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=+WgHJLOc8fZP+9JkZ6ap/zX1+iqnAcCZvg/OXwJ9uWQ=; b=cSzngGLesPFFDQgwBDaCqNqb7u Qayin0Hg4MDiE7UHp5Q4A1qMgd+uEqxIM5mtq3cDjyyGfIEaW0RMeGiYBRgKT8jpPJJAI3+KhUKdA L5MYnVEEQIEL4Q9OSRcRfNmdkYBEOf1v+irIfXUYo8S1yY1oCCcFdnEU3illIGZrxyr4=; Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1uH1b6-0002uU-CF; Mon, 19 May 2025 14:36:08 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1uH1b5-0002uO-8t for openvpn-devel@lists.sourceforge.net; Mon, 19 May 2025 14:36:07 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=eoshoBNKa0vissHS1NM3LJV7hZqvZGA57EE3TueiILk=; b=G7HWWrF6A6GKd3mi0Um9bOsE3o /xGNvUOLtUR4YsNCLHckwpbE5bDErsXPibG5otjIIPYeEUUkkf9jIHVpcjMvUz1qjPW1rwc0Wkf5F 5C9vn1roh3hCWHB7rboSFIXo838qrwvc8hckxyWSmR50wvVUlLEcAAgYSk/SduYqJox4=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=eoshoBNKa0vissHS1NM3LJV7hZqvZGA57EE3TueiILk=; b=PhiMYClye5uLqW+1J3cVy7ka96 zjkndY9GKtZd7e/we3yP4hP2Mh+Z8wgE/AAxSgUhwcCFLe9AZcBKzrLP7GqndcOarz6I3MRw/8de6 rTFaBzs5rUo0/vG+fKy/IS0V8LZTBI2fS58CNkqjsa35fOPCWQ8EEpN7OSpGrBgdaAgo=; Received: from [193.149.48.143] (helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1uH1b1-0000rJ-4k for openvpn-devel@lists.sourceforge.net; Mon, 19 May 2025 14:36:07 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.17.1.9/8.17.1.9) with ESMTP id 54JEZpho021805 for ; Mon, 19 May 2025 16:35:51 +0200 Received: (from gert@localhost) by blue.greenie.muc.de (8.17.1.9/8.17.1.9/Submit) id 54JEZpPm021804 for openvpn-devel@lists.sourceforge.net; Mon, 19 May 2025 16:35:51 +0200 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Mon, 19 May 2025 16:35:44 +0200 Message-ID: <20250519143550.21761-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.49.0 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: 1.7 (+) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Frank Lichtenheld This fixes almost all of the remaining warnings in our doxygen. Mostly about missing parameters in otherwise documented functions (completely undocumented functions do not cause warnings). Content analysis details: (1.7 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [193.149.48.143 listed in bl.score.senderscore.com] 0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [193.149.48.143 listed in sa-trusted.bondedsender.org] 0.4 NO_DNS_FOR_FROM DNS: Envelope sender has no MX or A DNS records 0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail) [SPF failed: Rejected by SPF record] 0.0 SPF_NONE SPF: sender does not publish an SPF Record 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS X-Headers-End: 1uH1b1-0000rJ-4k Subject: [Openvpn-devel] [PATCH v6] Doxygen: Fix missing parameter warnings X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1832556089910926934?= X-GMAIL-MSGID: =?utf-8?q?1832559965456622144?= From: Frank Lichtenheld This fixes almost all of the remaining warnings in our doxygen. Mostly about missing parameters in otherwise documented functions (completely undocumented functions do not cause warnings). Other changes: - Exclude out/ directory (used by CMakePresets.json) - Output doxygen warnings into a separate file, which can be used by CI systems to check for new warnings - Increase DOT_GRAPH_MAX_NODES to avoid warnings about some of the central header files (syshead.h and buffer.h) Change-Id: I3bf775bbdea742575210606e174ccafe840677c9 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/848 This mail reflects revision 6 of this Change. Acked-by according to Gerrit (reflected above): Arne Schwabe diff --git a/doc/doxygen/openvpn.doxyfile.in b/doc/doxygen/openvpn.doxyfile.in index edecc54..bdbc608 100644 --- a/doc/doxygen/openvpn.doxyfile.in +++ b/doc/doxygen/openvpn.doxyfile.in @@ -852,7 +852,7 @@ # messages should be written. If left blank the output is written to standard # error (stderr). -WARN_LOGFILE = +WARN_LOGFILE = @abs_top_builddir@/doc/doxygen.warnings.log #--------------------------------------------------------------------------- # Configuration options related to the input files @@ -909,7 +909,7 @@ # Note that relative paths are relative to the directory from which doxygen is # run. -EXCLUDE = +EXCLUDE = @abs_top_srcdir@/out/ # The EXCLUDE_SYMLINKS tag can be used to select whether or not files or # directories that are symbolic links (a Unix file system feature) are excluded @@ -2571,7 +2571,7 @@ # Minimum value: 0, maximum value: 10000, default value: 50. # This tag requires that the tag HAVE_DOT is set to YES. -DOT_GRAPH_MAX_NODES = 50 +DOT_GRAPH_MAX_NODES = 150 # The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the graphs # generated by dot. A depth value of 3 means that only nodes reachable from the diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index ed4cdb4..022afdb 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -1508,10 +1508,10 @@ * IPv6 packet in buf and sends it directly back to the client via the tun * device when used on a client and via the link if used on the server. * - * @param buf - The buf containing the packet for which the icmp6 - * unreachable should be constructed. - * - * @param client - determines whether to the send packet back via tun or link + * @param c Tunnel context + * @param buf The buf containing the packet for which the icmp6 + * unreachable should be constructed. + * @param client Determines whether to the send packet back via tun or link */ void ipv6_send_icmp_unreachable(struct context *c, struct buffer *buf, bool client) diff --git a/src/openvpn/fragment.h b/src/openvpn/fragment.h index 88f6053..91f4a26 100644 --- a/src/openvpn/fragment.h +++ b/src/openvpn/fragment.h @@ -443,10 +443,11 @@ * packets which have not yet been reassembled completely but are already * older than their time-to-live. * - * @param f - The \c fragment_master structure for this VPN - * tunnel. - * @param frame - The packet geometry parameters for this VPN - * tunnel. + * @param[in] f The \c fragment_master structure for this VPN + * tunnel. + * @param[in] frame The packet geometry parameters for this VPN + * tunnel. + * @param[out] tv Will be set to time for next housekeeping. */ static inline void fragment_housekeeping(struct fragment_master *f, struct frame *frame, struct timeval *tv) diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c index 567b6ea..3936320 100644 --- a/src/openvpn/manage.c +++ b/src/openvpn/manage.c @@ -1059,8 +1059,9 @@ * @param man The management interface struct * @param cid_str The CID in string form * @param kid_str The key ID in string form - * @param extra The string to be send to the client containing + * @param extra The string to be sent to the client containing * the information of the additional steps + * @param timeout_str The timeout value in string form */ static void man_client_pending_auth(struct management *man, const char *cid_str, diff --git a/src/openvpn/mudp.h b/src/openvpn/mudp.h index 37752e1..2fa4c4d 100644 --- a/src/openvpn/mudp.h +++ b/src/openvpn/mudp.h @@ -46,12 +46,13 @@ * it. If no entry exists, this function handles its creation, and if * successful, returns the newly created instance. * - * @param m - The single multi_context structure. - * @param sock - Listening socket where this instance is connecting to + * @param m The single multi_context structure. + * @param[out] floated Returns whether the client has floated. + * @param sock Listening socket where this instance is connecting to * * @return A pointer to a multi_instance if one already existed for the * packet's source address or if one was a newly created successfully. - * NULL if one did not yet exist and a new one was not created. + * NULL if one did not yet exist and a new one was not created. */ struct multi_instance *multi_get_create_instance_udp(struct multi_context *m, bool *floated, struct link_socket *sock); diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 80dd0c0..8b5900f 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -4247,7 +4247,7 @@ * Main event loop for OpenVPN in point-to-multipoint server mode. * @ingroup eventloop * - * @param top - Top-level context structure. + * @param multi context structure */ static void tunnel_server_loop(struct multi_context *multi) diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 6672b5c..bcc18a5 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -3500,6 +3500,7 @@ * altered to guarantee compatibility with the version specified by the * user via --compat-mode. * + * @param o Options state * @param version need compatibility with openvpn versions before the * one specified (20401 = before 2.4.1) * @return whether compatibility should be enabled diff --git a/src/openvpn/ssl.h b/src/openvpn/ssl.h index c32cb6c..c158b35 100644 --- a/src/openvpn/ssl.h +++ b/src/openvpn/ssl.h @@ -281,13 +281,14 @@ * packet is inserted into the Reliability Layer and will be handled * later. * - * @param multi - The TLS multi structure associated with the VPN tunnel + * @param[in] multi The TLS multi structure associated with the VPN tunnel * of this packet. - * @param from - The source address of the packet. - * @param buf - A buffer structure containing the incoming packet. - * @param opt - Returns a crypto options structure with the appropriate security - * parameters to handle the packet if it is a data channel packet. - * @param ad_start - Returns a pointer to the start of the authenticated data of + * @param[in] from The source address of the packet. + * @param[in] buf buffer structure containing the incoming packet. + * @param[out] opt Returns a crypto options structure with the appropriate + * security parameters to handle the packet if it is a data channel packet. + * @param[in] floated Set whether the peer is allowed to have floated. + * @param[out] ad_start Returns a pointer to the start of the authenticated data * of this packet * * @return diff --git a/src/openvpn/ssl_backend.h b/src/openvpn/ssl_backend.h index e25727f..21abacc 100644 --- a/src/openvpn/ssl_backend.h +++ b/src/openvpn/ssl_backend.h @@ -241,6 +241,8 @@ * a string containing the information in the case * of inline files. * @param pkcs12_file_inline True if pkcs12_file is an inline file. + * @param load_ca_file True if CAs from the file should be added to + * the cert store and be trusted. * * @return 1 if an error occurred, 0 if parsing was * successful. @@ -313,6 +315,9 @@ * inline files. * @param ca_file_inline True if ca_file is an inline file * @param ca_path The path to load the CAs from + * @param tls_server True if we are the server side of the TLS + * connection and should use the CA for verifying + * client certificates */ void tls_ctx_load_ca(struct tls_root_ctx *ctx, const char *ca_file, bool ca_file_inline, const char *ca_path, bool tls_server); diff --git a/src/openvpn/ssl_ncp.h b/src/openvpn/ssl_ncp.h index 36be65b..d2e8300 100644 --- a/src/openvpn/ssl_ncp.h +++ b/src/openvpn/ssl_ncp.h @@ -66,7 +66,10 @@ * Make sure to call tls_session_update_crypto_params() after calling this * function. * - * @param gc gc arena that is ONLY used to allocate the returned string + * @param server_list Our own cipher list + * @param peer_info Peer information + * @param remote_cipher Fallback cipher, ignored if peer sent \c IV_CIPHERS + * @param gc gc arena that is used to allocate the returned string * * @returns NULL if no common cipher is available, otherwise the best common * cipher diff --git a/src/openvpn/ssl_pkt.c b/src/openvpn/ssl_pkt.c index 41299f4..ac65203 100644 --- a/src/openvpn/ssl_pkt.c +++ b/src/openvpn/ssl_pkt.c @@ -296,8 +296,8 @@ /* * This function is similar to tls_pre_decrypt, except it is called * when we are in server mode and receive an initial incoming - * packet. Note that we don't modify - * any state in our parameter objects. The purpose is solely to + * packet. Note that we don't modify any state in our parameter + * objects except state. The purpose is solely to * determine whether we should generate a client instance * object, in which case true is returned. * diff --git a/src/openvpn/ssl_pkt.h b/src/openvpn/ssl_pkt.h index e782391..0cd4127 100644 --- a/src/openvpn/ssl_pkt.h +++ b/src/openvpn/ssl_pkt.h @@ -109,10 +109,6 @@ struct session_id server_session_id; }; -/** - * - * @param state - */ void free_tls_pre_decrypt_state(struct tls_pre_decrypt_state *state); /** @@ -137,10 +133,11 @@ * * This function is only used in the UDP p2mp server code path * - * @param tas - The standalone TLS authentication setting structure for + * @param[in] tas The standalone TLS authentication setting structure for * this process. - * @param from - The source address of the packet. - * @param buf - A buffer structure containing the incoming packet. + * @param[out] state The state struct to store information in. + * @param[in] from The source address of the packet. + * @param[in] buf buffer structure containing the incoming packet. * * @return * @li True if the packet is valid and a new VPN tunnel should be created diff --git a/src/openvpn/ssl_util.h b/src/openvpn/ssl_util.h index 71a37d4..25f169c 100644 --- a/src/openvpn/ssl_util.h +++ b/src/openvpn/ssl_util.h @@ -39,6 +39,7 @@ * * @param peer_info The peer's peer_info * @param var The variable *including* =, e.g. IV_CIPHERS= + * @param gc GC arena to allocate return value in * * @return The content of the variable as NULL terminated string or NULL if the * variable cannot be found. diff --git a/src/openvpn/ssl_verify.h b/src/openvpn/ssl_verify.h index 7a4d44a..6d269b2 100644 --- a/src/openvpn/ssl_verify.h +++ b/src/openvpn/ssl_verify.h @@ -153,7 +153,7 @@ /** * Sets the common name field for the given tunnel * - * @param multi The tunnel to set the common name for + * @param session The session to set the common name for * @param common_name The name to set the common name to */ void diff --git a/src/openvpn/tls_crypt.h b/src/openvpn/tls_crypt.h index 87e9867..42545d1 100644 --- a/src/openvpn/tls_crypt.h +++ b/src/openvpn/tls_crypt.h @@ -204,6 +204,7 @@ * @param buf Buffer containing a received P_CONTROL_HARD_RESET_CLIENT_V3 * message. * @param ctx tls-wrap context to be initialized with the client key. + * @param opt TLS options, used for \c tls-crypt-v2-verify script. * * @param initial_packet whether this is the initial packet of the * connection. Only in these scenarios unwrapping