From patchwork Tue Aug 11 01:02:48 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 1375 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director8.mail.ord1d.rsapps.net ([172.31.255.6]) by backend30.mail.ord1d.rsapps.net with LMTP id yA53Ahh7Ml+1KwAAIUCqbw for ; Tue, 11 Aug 2020 07:03:52 -0400 Received: from proxy14.mail.iad3b.rsapps.net ([172.31.255.6]) by director8.mail.ord1d.rsapps.net with LMTP id wEg8ARh7Ml9FcgAAfY0hYg (envelope-from ) for ; Tue, 11 Aug 2020 07:03:52 -0400 Received: from smtp32.gate.iad3b ([172.31.255.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy14.mail.iad3b.rsapps.net with LMTP id EA7JNhd7Ml+oAgAA+7ETDg ; Tue, 11 Aug 2020 07:03:51 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp32.gate.iad3b.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: 56579e92-dbc2-11ea-99ff-5254006a2e70-1-1 Received: from [216.105.38.7] ([216.105.38.7:55782] helo=lists.sourceforge.net) by smtp32.gate.iad3b.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id F7/EF-16274-71B723F5; Tue, 11 Aug 2020 07:03:51 -0400 Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1k5S3Z-0000jh-LC; Tue, 11 Aug 2020 11:03:01 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1k5S3Y-0000ja-6h for openvpn-devel@lists.sourceforge.net; Tue, 11 Aug 2020 11:03:00 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=References:In-Reply-To:Message-Id:Date:Subject:To: From:Sender:Reply-To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=MQDgXf/IsfpXFZRty8GVIhGX8sJZNXKxUtJXmgdu24U=; b=cbkw2EvHPsDwsoyj3tuwmFNRR0 CMjXQuPEE3woCXX2iO0SsFVKZ3jVehrOVZfYIKFYg95Med82j2tV39pifD+ZE6X2k1hY+WjX6WEhJ /J6HbayJ44FsSCs/4tqB3C7vIrbbN0zRGlRiUxW2UwipXP6G8zsGjvHelZ50iMoHJ6xQ=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=References:In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc :MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=MQDgXf/IsfpXFZRty8GVIhGX8sJZNXKxUtJXmgdu24U=; b=AYbVH2sU/QU1x1mldqPELwbmIM tWtczCpdnZo7tdcTs2ZtiOOd0SR6lv/fWONQ7PMSOE9lS9SzehUovVWpcYCEu3lkxm6utHTRf2nct WXelusSNU7husoa7Uf0zXdXM+EytVg0/curUuAZ2j9O3bxqGQZV3x96Z9mKOvAn00SQ0=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-4.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.2) id 1k5S3W-008CVh-M5 for openvpn-devel@lists.sourceforge.net; Tue, 11 Aug 2020 11:03:00 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.94 (FreeBSD)) (envelope-from ) id 1k5S3M-0004Uv-Hx for openvpn-devel@lists.sourceforge.net; Tue, 11 Aug 2020 13:02:48 +0200 Received: (nullmailer pid 3441 invoked by uid 10006); Tue, 11 Aug 2020 11:02:48 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Tue, 11 Aug 2020 13:02:48 +0200 Message-Id: <20200811110248.3396-1-arne@rfc2549.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181024113341.1242-1-arne@rfc2549.org> References: <20181024113341.1242-1-arne@rfc2549.org> X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. 0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record X-Headers-End: 1k5S3W-008CVh-M5 Subject: [Openvpn-devel] [PATCH v2] Document comp-lzo no and compress being incompatible X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox Most of the new compress but not v2 version do use swap operation. For 'compress lzo' the swap option is not used for backwards compatibility. For lz4 the swap option is also not a problem since there is no version without swap. Unfortunately, compress introduced a second stub format with swap, contrary to the one in 'comp-lzo no' that does not use swap. Document this weirdness to let not others fall into this trap. Patch V2: redo patch for rst man pages --- doc/man-sections/protocol-options.rst | 3 +++ 1 file changed, 3 insertions(+) diff --git a/doc/man-sections/protocol-options.rst b/doc/man-sections/protocol-options.rst index 240d0edf..82e4b2bd 100644 --- a/doc/man-sections/protocol-options.rst +++ b/doc/man-sections/protocol-options.rst @@ -103,6 +103,9 @@ configured in a compatible way between both the local and remote side. ``lzo`` and ``lz4`` compression support via *IV_* variables to the server. + Note: the :code:`stub` (or empty) option is NOT compatible with the older + option ``--comp-lzo no``. + ***Security Considerations*** Compression and encryption is a tricky combination. If an attacker knows