From patchwork Thu Nov 27 10:51:20 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 4640 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:6c3:b0:7b1:439f:bdf with SMTP id j3csp3988428maw; Thu, 27 Nov 2025 02:51:38 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCVfaHK1DMB4ztuuSxpOUk7KRj8ceQ8I7Ax9hipy9Op3U2OKuLYoWE0hMtARssZMWAecTZgz21rA+Cg=@openvpn.net X-Google-Smtp-Source: AGHT+IF5bBmRpGBkqLWiSIn81K3boZv7zjdVKGJRcTH2v5TbZ4enpW294kL8PbWihSNvuT+jWIfl X-Received: by 2002:a05:6830:600b:b0:7c6:ce49:d8a9 with SMTP id 46e09a7af769-7c7c446734amr5435248a34.23.1764240698230; Thu, 27 Nov 2025 02:51:38 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1764240698; cv=none; d=google.com; s=arc-20240605; b=WGBVSTgfjIaQXyqgEtSu4NeyFi5u9gsxYr7DidTskhkVFysXbioM3rlahX8iz7SgMs DRWscSzBvmNk0ZEznDy8DKxGfS7+DVKlgMRsfSuIPCr9uiTef+Z3rb94RJqY1xWqEbiY fZViOBBTao+kJ8ryg/XHcHAIZB4NEnTj3siwuFaXYxzock45CjID2L5Ldv5x5hcZljjm ILkvgLgb8BuXrf7zEuIfr73xRWVnrRMqtWjIL7TUWFQom1LzpFySY44w+kor9q/Gmv4t MjoA/ke4Qqu6olUcuULzHN+v/GaMdSXeXERIlmjDciq1Nvn5sHSxOYaMe0YCOQpdxAAW 3dlA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=aS6mFekv5M+Imk7p5OSwHKVkr4ic7myRa8soexuPrjE=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=FlRDwptRkSva0cRPZfwDlCPlNuVBauR5xu2SACEB4wsCTNmvFnqH2BXIKuhTZW2NgL s/jBhVPjm7cxDVin9FcBtaiRS+jpi6t70a3SOdUj/zMHKR8BzEfzrsvEN75QDRK1YP0/ jXRU3U3n+DyAU12U07mZgupWfFEN/HJZkHb10yXExycm4Swu47BsM/zPnRRKCnnhJCwa lCDvQIIGoetuZN1ZAnZHI3+zbFf/pv0LbtNjFq4XNfQDpARy21oOiLS0ej7oazr3BPNm BCLEAA6LkxbMcUmCBsxpH7HsAZLKdtY6Nef+D/4tH5cMIxLvOY2i5+xqrL+kEd9dfCEM VTOA==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=gtjkwqte; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=lhmhLm4z; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=bugkcEL8; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 46e09a7af769-7c90fdffefdsi196994a34.284.2025.11.27.02.51.38 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 27 Nov 2025 02:51:38 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=gtjkwqte; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=lhmhLm4z; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=bugkcEL8; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=aS6mFekv5M+Imk7p5OSwHKVkr4ic7myRa8soexuPrjE=; b=gtjkwqte7UQTobzAHehjE/9Cv8 Ptm6PbNp8siNzyprPhWdAOrY5IhP23ay99SRCHWO9t1fkMIIGdYk2e9U/m8XCnkkCstL6bvOLhfUw WnPHaziJtgrlpZU4YlsT+q83JZTwDT1LWEilpc8LOQbbs8Vz1YtCNZ7sKQzQfgFmfpHk=; Received: from [127.0.0.1] (helo=sfs-ml-3.v29.lw.sourceforge.com) by sfs-ml-3.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1vOZb5-00057D-KS; Thu, 27 Nov 2025 10:51:35 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-3.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1vOZb3-000577-Oh for openvpn-devel@lists.sourceforge.net; Thu, 27 Nov 2025 10:51:33 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=qgKPjFjiJ6JzyQwkMfjRxQP6COQCycdofDkCAaUOq2w=; b=lhmhLm4zIAdTAK1kK4e4VsT9+O hrw7eyU7JzOYY0Ru0ddsRbLzQq46wmJllQh9VXVc/iYIyra/dJnJH/U63BSVsbNQavODAzvaEFB+F z/7TlpZcGF8WXinOzdZe6AsmvXZ68+JGiX957ghDtI1/+m7cVmc0yT9Gemqvyxu30HTA=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=qgKPjFjiJ6JzyQwkMfjRxQP6COQCycdofDkCAaUOq2w=; b=bugkcEL8zOF4ebjYw2AQPkDlmH DGfCXVqGAvE1pkWWLMdtOBIFk34la/sqKsIO4d+P7l8LhOP6TdLoPTrAyULryNIeNLSPMYIMwqbM0 eeP6Sn+Uvd5KsJKKJkOrX7XYzCT+WSaXeT6f7pIyF4FFS7JvdlV/STlP4KxwLBUeHvVc=; Received: from [193.149.48.134] (helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1vOZb2-0004MV-64 for openvpn-devel@lists.sourceforge.net; Thu, 27 Nov 2025 10:51:33 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 5ARApPO3030512 for ; Thu, 27 Nov 2025 11:51:25 +0100 Received: (from gert@localhost) by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 5ARApPI4030476 for openvpn-devel@lists.sourceforge.net; Thu, 27 Nov 2025 11:51:25 +0100 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Thu, 27 Nov 2025 11:51:20 +0100 Message-ID: <20251127105125.30457-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.51.2 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-2.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Frank Lichtenheld Just assume that we have all the linux headers that were part of linux since 2.6 (or 2.4 in some cases). Simplifies configuration. Content analysis details: (1.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS X-Headers-End: 1vOZb2-0004MV-64 Subject: [Openvpn-devel] [PATCH v2] Linux: Assume we have a kernel that was release in the last 15 years X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1849940454411266025?= X-GMAIL-MSGID: =?utf-8?q?1849940454411266025?= From: Frank Lichtenheld Just assume that we have all the linux headers that were part of linux since 2.6 (or 2.4 in some cases). Simplifies configuration. Change-Id: Ie460eec488a8781e3b1ee4f8b2ae2090729ed175 Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1408 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1408 This mail reflects revision 2 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering diff --git a/CMakeLists.txt b/CMakeLists.txt index e812145..c4d50e4 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -145,7 +145,6 @@ set(TARGET_ANDROID YES) set(ENABLE_ASYNC_PUSH YES) set(ENABLE_SITNL YES) - set(HAVE_LINUX_TYPES_H 1) # Wacky workaround as OpenSSL package detection is otherwise broken (https://stackoverflow.com/questions/45958214/android-cmake-could-not-find-openssl) list(APPEND CMAKE_FIND_ROOT_PATH ${OPENSSL_ROOT_DIR}) elseif (${CMAKE_SYSTEM_NAME} STREQUAL "Linux") @@ -153,9 +152,6 @@ set(ENABLE_ASYNC_PUSH YES) set(ENABLE_LINUXDCO YES) set(ENABLE_SITNL YES) - set(HAVE_DECL_SO_MARK YES) - set(ENABLE_FEATURE_TUN_PERSIST 1) - set(HAVE_LINUX_TYPES_H 1) set(ENABLE_DCO YES) elseif (${CMAKE_SYSTEM_NAME} STREQUAL "FreeBSD") set(TARGET_FREEBSD YES) @@ -258,8 +254,6 @@ check_include_files(dmalloc.h HAVE_DMALLOC_H) check_include_files(fcntl.h HAVE_FCNTL_H) check_include_files(err.h HAVE_ERR_H) -check_include_files(linux/if_tun.h HAVE_LINUX_IF_TUN_H) -check_include_files(linux/sockios.h HAVE_LINUX_SOCKIOS_H) check_include_files(netdb.h HAVE_NETDB_H) check_include_files("${NETEXTRA};netinet/in6.h" HAVE_NETINET_IN_H) check_include_files(net/if.h HAVE_NET_IF_H) diff --git a/config.h.cmake.in b/config.h.cmake.in index 1c443ab..bf1899c 100644 --- a/config.h.cmake.in +++ b/config.h.cmake.in @@ -20,9 +20,6 @@ /* Enable debugging support (needed for verb>=4) */ #define ENABLE_DEBUG 1 -/* We have persist tun capability */ -#cmakedefine ENABLE_FEATURE_TUN_PERSIST - /* Enable internal fragmentation support */ #define ENABLE_FRAGMENT 1 @@ -92,10 +89,6 @@ /* Define to 1 if you have the `daemon' function. */ #cmakedefine HAVE_DAEMON -/* Define to 1 if you have the declaration of `SO_MARK', and to 0 if you -don't. */ -#cmakedefine01 HAVE_DECL_SO_MARK - /* Define to 1 if you have the header file. */ #cmakedefine HAVE_DIRECT_H @@ -166,15 +159,6 @@ /* Define to 1 if you have the header file. */ #define HAVE_LIMITS_H 1 -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_LINUX_IF_TUN_H - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_LINUX_SOCKIOS_H - -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_LINUX_TYPES_H - /* Define to 1 if you have the header file. */ #define HAVE_LZO1X_H 1 diff --git a/configure.ac b/configure.ac index 44c7b65..030f8de 100644 --- a/configure.ac +++ b/configure.ac @@ -494,8 +494,8 @@ sys/mman.h sys/file.h sys/wait.h \ unistd.h libgen.h stropts.h \ syslog.h pwd.h grp.h termios.h \ - sys/sockio.h sys/uio.h linux/sockios.h \ - linux/types.h linux/errqueue.h poll.h sys/epoll.h err.h \ + sys/sockio.h sys/uio.h \ + poll.h sys/epoll.h err.h \ ]) SOCKET_INCLUDES=" @@ -587,12 +587,6 @@ [AC_MSG_ERROR([struct sockaddr_in6 not found, needed for ipv6 transport support.])], [[${SOCKET_INCLUDES}]] ) -AC_CHECK_DECLS( - [SO_MARK], - , - , - [[${SOCKET_INCLUDES}]] -) saved_LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS -Wl,--wrap=exit" @@ -717,16 +711,6 @@ ], [have_tap_header="yes"] ) -AC_CHECK_DECLS( - [TUNSETPERSIST], - [AC_DEFINE([ENABLE_FEATURE_TUN_PERSIST], [1], [We have persist tun capability])], - , - [[ - #ifdef HAVE_LINUX_IF_TUN_H - #include - #endif - ]] -) CFLAGS="${old_CFLAGS}" test "${have_tap_header}" = "yes" || AC_MSG_ERROR([no tap header could be found]) diff --git a/src/openvpn/mtu.c b/src/openvpn/mtu.c index 9e152df..e080ea9 100644 --- a/src/openvpn/mtu.c +++ b/src/openvpn/mtu.c @@ -274,6 +274,8 @@ #if EXTENDED_SOCKET_ERROR_CAPABILITY +#include + struct probehdr { uint32_t ttl; diff --git a/src/openvpn/mtu.h b/src/openvpn/mtu.h index 3bbff6f..b690149 100644 --- a/src/openvpn/mtu.h +++ b/src/openvpn/mtu.h @@ -262,8 +262,7 @@ /* * EXTENDED_SOCKET_ERROR_CAPABILITY functions -- print extra error info - * on socket errors, such as PMTU size. As of 2003.05.11, only works - * on Linux 2.4+. + * on socket errors, such as PMTU size. */ #if EXTENDED_SOCKET_ERROR_CAPABILITY diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 4794315..f610256 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -315,7 +315,7 @@ " or --fragment max value, whichever is lower.\n" "--sndbuf size : Set the TCP/UDP send buffer size.\n" "--rcvbuf size : Set the TCP/UDP receive buffer size.\n" -#if defined(TARGET_LINUX) && HAVE_DECL_SO_MARK +#if defined(TARGET_LINUX) "--mark value : Mark encrypted packets being sent with value. The mark value\n" " can be matched in policy routing and packetfilter rules.\n" "--bind-dev dev : Bind to the given device when making connection to a peer or\n" @@ -768,7 +768,7 @@ " (for use with --tls-auth or --tls-crypt)." #ifdef ENABLE_FEATURE_TUN_PERSIST "\n" - "Tun/tap config mode (available with linux 2.4+):\n" + "Tun/tap config mode:\n" "--mktun : Create a persistent tunnel.\n" "--rmtun : Remove a persistent tunnel.\n" "--dev tunX|tapX : tun/tap device\n" @@ -1792,7 +1792,7 @@ SHOW_BOOL(occ); SHOW_INT(rcvbuf); SHOW_INT(sndbuf); -#if defined(TARGET_LINUX) && HAVE_DECL_SO_MARK +#if defined(TARGET_LINUX) SHOW_INT(mark); #endif SHOW_INT(sockflags); @@ -6510,7 +6510,7 @@ } else if (streq(p[0], "mark") && p[1] && !p[2]) { -#if defined(TARGET_LINUX) && HAVE_DECL_SO_MARK +#if defined(TARGET_LINUX) VERIFY_PERMISSION(OPT_P_GENERAL); options->mark = atoi_warn(p[1], msglevel); #endif diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index 8b6e35e..5247e07 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -524,7 +524,7 @@ static inline void socket_set_mark(socket_descriptor_t sd, int mark) { -#if defined(TARGET_LINUX) && HAVE_DECL_SO_MARK +#if defined(TARGET_LINUX) if (mark && setsockopt(sd, SOL_SOCKET, SO_MARK, (void *)&mark, sizeof(mark)) != 0) { msg(M_WARN, "NOTE: setsockopt SO_MARK=%d failed", mark); diff --git a/src/openvpn/syshead.h b/src/openvpn/syshead.h index 90045a9..c6f2608 100644 --- a/src/openvpn/syshead.h +++ b/src/openvpn/syshead.h @@ -185,26 +185,19 @@ #if defined(TARGET_LINUX) || defined(TARGET_ANDROID) -#ifdef HAVE_LINUX_IF_TUN_H -#include +#define EXTENDED_SOCKET_ERROR_CAPABILITY 1 + +#ifdef TARGET_LINUX +#define ENABLE_FEATURE_TUN_PERSIST #endif +#include +#include + #ifdef HAVE_NETINET_IP_H #include #endif -#ifdef HAVE_LINUX_SOCKIOS_H -#include -#endif - -#ifdef HAVE_LINUX_TYPES_H -#include -#endif - -#ifdef HAVE_LINUX_ERRQUEUE_H -#include -#endif - #ifdef HAVE_NETINET_TCP_H #include #endif @@ -361,15 +354,6 @@ #endif /* - * Do we have the capability to report extended socket errors? - */ -#if defined(HAVE_LINUX_TYPES_H) && defined(HAVE_LINUX_ERRQUEUE_H) -#define EXTENDED_SOCKET_ERROR_CAPABILITY 1 -#else -#define EXTENDED_SOCKET_ERROR_CAPABILITY 0 -#endif - -/* * Does this platform support linux-style IP_PKTINFO * or bsd-style IP_RECVDSTADDR ? */ @@ -397,14 +381,6 @@ #endif /* - * Disable ESEC - */ -#if 0 -#undef EXTENDED_SOCKET_ERROR_CAPABILITY -#define EXTENDED_SOCKET_ERROR_CAPABILITY 0 -#endif - -/* * Do we have a syslog capability? */ #if defined(HAVE_OPENLOG) && defined(HAVE_SYSLOG) diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index 06b7ae5..7c61dcf 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -2055,10 +2055,6 @@ #elif defined(TARGET_LINUX) -#ifndef HAVE_LINUX_SOCKIOS_H -#error header file linux/sockios.h required -#endif - #if !PEDANTIC void @@ -2186,11 +2182,6 @@ #ifdef ENABLE_FEATURE_TUN_PERSIST -/* TUNSETGROUP appeared in 2.6.23 */ -#ifndef TUNSETGROUP -#define TUNSETGROUP _IOW('T', 206, int) -#endif - void tuncfg(const char *dev, const char *dev_type, const char *dev_node, int persist_mode, const char *username, const char *groupname, const struct tuntap_options *options, diff --git a/src/openvpn/tun.h b/src/openvpn/tun.h index e13f99f..876f147 100644 --- a/src/openvpn/tun.h +++ b/src/openvpn/tun.h @@ -278,9 +278,11 @@ int read_tun(struct tuntap *tt, uint8_t *buf, int len); +#ifdef ENABLE_FEATURE_TUN_PERSIST void tuncfg(const char *dev, const char *dev_type, const char *dev_node, int persist_mode, const char *username, const char *groupname, const struct tuntap_options *options, openvpn_net_ctx_t *ctx); +#endif const char *guess_tuntap_dev(const char *dev, const char *dev_type, const char *dev_node, struct gc_arena *gc);