Linux has a filename maximum of 255 chars, but we need to
be careful about the composition of the temporary filename
so that we don't exceed this limitation on the temporary,
even when the original is within the limit.
Signed-off-by: James Yonan <james@openvpn.net>

Since the auth-token-user directive (that is pushed from
server to client) is base64-encoded, increase the size
to support a pre-base64-encoded username length
of 256 characters.
Signed-off-by: James Yonan <james@openvpn.net>

Instead of reading a single packet and calling
asio::post (which incurs overhead) to read next one,
continue reading packets until ringbuffer is empty (head == tail).
According to tests, this increases read performance
by 40% (from 1.25 to 1.70 Gbit/s).
Signed-off-by: Lev Stipakov <lev@openvpn.net>

Without specifying io_context, ASIO will use system
executor, which creates separate thread pool and runs
read() in a wrong, non openvpn core, thread.
Signed-off-by: Lev Stipakov <lev@openvpn.net>

Wintun documentation clearly states that we must use auto-reset events in ring buffers.
Auto-reset sets event back to non-signalled state after calling WaitForSingleObject.
Without auto-reset and explicit ResetEvent call we got a busy loop.
To avoid confusion move event.hpp from common/ to win/, since it is
Windows-specific code.
Signed-off-by: Lev Stipakov <lev@openvpn.net>

OpenSSL 1.1.0 introduces OpenSSL_version() function and the
OPENVPN_VERSION macro. Since they are not defined in older OpenSSL
versions, building breaks.
The usage of OpenSSL_version() and OPENSSL_VERSION were introduced with
commit 23959fa705
Signed-off-by: David Sommerseth <davids@openvpn.net>

const modifiers on primitive return types (int, bool, etc.) do not
do anything and Clang complains about these.
Zero initialisation in C++ is done by = {} or class().
Signed-off-by: Arne Schwabe <arne@openvpn.net>

The constness of the SSL* parameter has been changed in upstream SSL.
So we can cast away const for older versions compatibility
Upstream commit: c04b66b18d

This information is only sent if push-peer-info is enabled. It is meant
to have an easy way for centrally administrated to spot clients using
outdated SSL libraries.

This avoids a linkage problem encountered when building core with two
compilation units and OPENVPN_EXTERN being used.
Also adjust core unit tests with regard to now different extern usage.

Volatile doesn't prevent reordering done by hardware (such as ARM).
If this could be a problem, volatile has to be replaced by atomic with
acquire/release semantics.
Signed-off-by: Lev Stipakov <lev@openvpn.net>

This allows running openvpn under a normal user account,
in which case ring buffers registration is performed
by a separate privileged process.
Signed-off-by: Lev Stipakov <lev@openvpn.net>

Implemented according to Wintun documentation
and reference client code.
For send and receive ring, client allocates buffer,
creates event and passes it to Wintun under LocalSystem
privileges. When data is available for read, Wintun
moves tail pointer of send ring and signals via
send ring's event. To write, client writes to tail
pointer of receive ring and signals via receive ring's event.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
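
The ring-buffer commits above (draining until head == tail, volatile versus atomics with acquire/release semantics, tail-pointer publishing) can be illustrated with a small model. This is an added example, not openvpn3 or Wintun code: the Ring layout, CAP, the 4-byte length prefix and all function names are assumptions, and event signalling is left out.

```cpp
// Added example: simplified single-producer/single-consumer byte ring.
// Not Wintun's layout, not openvpn3 code; names and CAP are assumptions.
#include <atomic>
#include <cstdint>
#include <vector>
struct Ring {
    static constexpr uint32_t CAP = 1024;  // power of two
    std::atomic<uint32_t> head{0};         // free-running, consumer-owned
    std::atomic<uint32_t> tail{0};         // free-running, producer-owned
    uint8_t data[CAP];
};
static void put(Ring &r, uint32_t pos, const void *src, uint32_t n) {
    for (uint32_t i = 0; i < n; ++i)
        r.data[(pos + i) & (Ring::CAP - 1)] = static_cast<const uint8_t *>(src)[i];
}
static void get(const Ring &r, uint32_t pos, void *dst, uint32_t n) {
    for (uint32_t i = 0; i < n; ++i)
        static_cast<uint8_t *>(dst)[i] = r.data[(pos + i) & (Ring::CAP - 1)];
}
// Producer: write length + payload, then publish tail with release so the
// consumer cannot observe the new tail before the bytes it covers.
bool ring_write(Ring &r, const uint8_t *pkt, uint32_t len) {
    uint32_t t = r.tail.load(std::memory_order_relaxed);
    uint32_t h = r.head.load(std::memory_order_acquire);
    if (len == 0 || len > Ring::CAP - 4 || len + 4 > Ring::CAP - (t - h))
        return false;  // does not fit
    put(r, t, &len, 4);
    put(r, t + 4, pkt, len);
    r.tail.store(t + 4 + len, std::memory_order_release);
    return true;
}

// Consumer: drain until head == tail. Returns packets read, or -1 when the
// shared tail or a length field is inconsistent (never trust the other side).
int ring_drain(Ring &r, std::vector<std::vector<uint8_t>> &out) {
    uint32_t h = r.head.load(std::memory_order_relaxed);
    for (int n = 0;; ++n) {
        uint32_t t = r.tail.load(std::memory_order_acquire);
        if (h == t) return n;  // ring empty
        uint32_t avail = t - h, len = 0;
        if (avail < 4 || avail > Ring::CAP) return -1;
        get(r, h, &len, 4);
        if (len == 0 || len > avail - 4) return -1;
        out.emplace_back(len);
        get(r, h + 4, out.back().data(), len);
        h += 4 + len;
        r.head.store(h, std::memory_order_release);
    }
}
```

Replacing the two atomics with volatile integers would still compile, but nothing would then order the payload writes before the tail update on weakly ordered hardware.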
Commit 089aec00b pulled in a dependency for a very server specific
feature not normally needed in more basic implementations. This
resulted in the code not being able to compile unless the advanced
implementation would be available. This only happens when ENABLE_DCO is
enabled.
Signed-off-by: David Sommerseth <davids@openvpn.net>

For reference:
    void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
    {
        if (ctx) {
            EVP_CIPHER_CTX_cleanup(ctx);
            OPENSSL_free(ctx);
        }
    }
from OpenSSL 1.0.2
Signed-off-by: Arne Schwabe <arne@openvpn.net>

Update osx used images to osx-10.2
Update linux to Ubuntu 18.04
Update ASIO to 1.13.0
Update OpenSSL to 1.0.2s
Compile with -std=c++14 flag
While at it, fix a script syntax error.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>