14 Commits
Author | SHA256 | Date | |
---|---|---|---|
9c133fcaa9 | |||
87781568f1 | |||
5cad75ce5a | |||
af45183e1e | |||
03d27e8871 | |||
6e7beb07f8 | |||
|
7185e7c490 | ||
8c4bdc3ced | |||
dcc7786ea5 | |||
1cb5b5ef09 | |||
|
4b21f5f5e6 | ||
690bf31ff3 | |||
c1302e0b01 | |||
bd1ac08c0b |
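--- a/0001-Handle-missing-DCO-peer-by-restarting-the-session.patch
+++ b/0001-Handle-missing-DCO-peer-by-restarting-the-session.patch
@@ -0,0 +1,285 @@
+From: Ralf Lici <ralf@mandelbit.com>
+Date: Wed, 5 Mar 2025 18:17:30 +0100
+Subject: Handle missing DCO peer by restarting the session
+References: bsc#1239783
+Git-repo: https://github.com/OpenVPN/openvpn.git
+Git-commit: 6f9ba8bfd259742ee19b173898a9bfd20e22fcf3
+Patch-mainline: v2.7
+
+Occasionally, CMD_DEL_PEER is not delivered to userspace, preventing the
+openvpn process from registering the event. To handle this case, we
+check if calls to the Linux DCO module return an error, and, if so, send
+a SIGUSR1 signal to reset the session.
+
+Most DCO commands that return an error already trigger a SIGUSR1 signal
+or even call _exit(1). This commit extends that behavior to include
+dco_get_peer_stats_multi() and dco_get_peer_stats().
+
+Change-Id: Ib118426c5a69256894040c69856a4003d9f4637c
+Signed-off-by: Ralf Lici <ralf@mandelbit.com>
+Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
+Message-Id: <20250305171730.250444-1-frank@lichtenheld.com>
+URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg31022.html
+Signed-off-by: Gert Doering <gert@greenie.muc.de>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+src/openvpn/dco.h | 18 +++++++++++-------
+src/openvpn/dco_freebsd.c | 5 +++--
+src/openvpn/dco_linux.c | 28 +++++++++++++++++++++++++---
+src/openvpn/dco_win.c | 5 +++--
+src/openvpn/forward.c | 3 +--
+src/openvpn/manage.c | 10 ++++++++--
+src/openvpn/multi.c | 10 ++++++++--
+src/openvpn/sig.c | 5 ++++-
+8 files changed, 63 insertions(+), 21 deletions(-)
+
+diff --git a/src/openvpn/dco.h b/src/openvpn/dco.h
+index 35ceace3aac5..ed194cc5017c 100644
+--- a/src/openvpn/dco.h
++++ b/src/openvpn/dco.h
+@@ -231,17 +231,20 @@ void dco_delete_iroutes(struct multi_context *m, struct multi_instance *mi);
+/**
+* Update traffic statistics for all peers
+*
+- * @param dco DCO device context
+- * @param m the server context
++ * @param dco DCO device context
++ * @param m the server context
++ * @param raise_sigusr1_on_err whether to raise SIGUSR1 on error
+**/
+-int dco_get_peer_stats_multi(dco_context_t *dco, struct multi_context *m);
++int dco_get_peer_stats_multi(dco_context_t *dco, struct multi_context *m,
++ const bool raise_sigusr1_on_err);
+
+/**
+* Update traffic statistics for single peer
+*
+- * @param c instance context of the peer
++ * @param c instance context of the peer
++ * @param raise_sigusr1_on_err whether to raise SIGUSR1 on error
+**/
+-int dco_get_peer_stats(struct context *c);
++int dco_get_peer_stats(struct context *c, const bool raise_sigusr1_on_err);
+
+/**
+* Retrieve the list of ciphers supported by the current platform
+@@ -373,13 +376,14 @@ dco_delete_iroutes(struct multi_context *m, struct multi_instance *mi)
+}
+
+static inline int
+-dco_get_peer_stats_multi(dco_context_t *dco, struct multi_context *m)
++dco_get_peer_stats_multi(dco_context_t *dco, struct multi_context *m,
++ const bool raise_sigusr1_on_err)
+{
+return 0;
+}
+
+static inline int
+-dco_get_peer_stats(struct context *c)
++dco_get_peer_stats(struct context *c, const bool raise_sigusr1_on_err)
+{
+return 0;
+}
+diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c
+index 0e536de80500..b8816c63bd43 100644
+--- a/src/openvpn/dco_freebsd.c
++++ b/src/openvpn/dco_freebsd.c
+@@ -713,7 +713,8 @@ dco_update_peer_stat(struct multi_context *m, uint32_t peerid, const nvlist_t *n
+}
+
+int
+-dco_get_peer_stats_multi(dco_context_t *dco, struct multi_context *m)
++dco_get_peer_stats_multi(dco_context_t *dco, struct multi_context *m,
++ const bool raise_sigusr1_on_err)
+{
+
+struct ifdrv drv;
+@@ -781,7 +782,7 @@ retry:
+}
+
+int
+-dco_get_peer_stats(struct context *c)
++dco_get_peer_stats(struct context *c, const bool raise_sigusr1_on_err)
+{
+/* Not implemented. */
+return 0;
+diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c
+index 68c1a8d3271a..b0a85fdaf365 100644
+--- a/src/openvpn/dco_linux.c
++++ b/src/openvpn/dco_linux.c
+@@ -952,7 +952,8 @@ dco_parse_peer_multi(struct nl_msg *msg, void *arg)
+}
+
+int
+-dco_get_peer_stats_multi(dco_context_t *dco, struct multi_context *m)
++dco_get_peer_stats_multi(dco_context_t *dco, struct multi_context *m,
++ const bool raise_sigusr1_on_err)
+{
+msg(D_DCO_DEBUG, "%s", __func__);
+
+@@ -963,6 +964,14 @@ dco_get_peer_stats_multi(dco_context_t *dco, struct multi_context *m)
+int ret = ovpn_nl_msg_send(dco, nl_msg, dco_parse_peer_multi, m, __func__);
+
+nlmsg_free(nl_msg);
++
++ if (raise_sigusr1_on_err && ret < 0)
++ {
++ msg(M_WARN, "Error retrieving DCO peer stats: the underlying DCO peer"
++ "may have been deleted from the kernel without notifying "
++ "userspace. Restarting the session");
++ register_signal(m->top.sig, SIGUSR1, "dco peer stats error");
++ }
+return ret;
+}
+
+@@ -1008,9 +1017,14 @@ dco_parse_peer(struct nl_msg *msg, void *arg)
+}
+
+int
+-dco_get_peer_stats(struct context *c)
++dco_get_peer_stats(struct context *c, const bool raise_sigusr1_on_err)
+{
+- uint32_t peer_id = c->c2.tls_multi->dco_peer_id;
++ int peer_id = c->c2.tls_multi->dco_peer_id;
++ if (peer_id == -1)
++ {
++ return 0;
++ }
++
+msg(D_DCO_DEBUG, "%s: peer-id %d", __func__, peer_id);
+
+if (!c->c1.tuntap)
+@@ -1030,6 +1044,14 @@ dco_get_peer_stats(struct context *c)
+
+nla_put_failure:
+nlmsg_free(nl_msg);
++
++ if (raise_sigusr1_on_err && ret < 0)
++ {
++ msg(M_WARN, "Error retrieving DCO peer stats: the underlying DCO peer"
++ "may have been deleted from the kernel without notifying "
++ "userspace. Restarting the session");
++ register_signal(c->sig, SIGUSR1, "dco peer stats error");
++ }
+return ret;
+}
+
+diff --git a/src/openvpn/dco_win.c b/src/openvpn/dco_win.c
+index 45cb919277c6..8b47124631bf 100644
+--- a/src/openvpn/dco_win.c
++++ b/src/openvpn/dco_win.c
+@@ -712,14 +712,15 @@ dco_do_read(dco_context_t *dco)
+}
+
+int
+-dco_get_peer_stats_multi(dco_context_t *dco, struct multi_context *m)
++dco_get_peer_stats_multi(dco_context_t *dco, struct multi_context *m,
++ const bool raise_sigusr1_on_err)
+{
+/* Not implemented. */
+return 0;
+}
+
+int
+-dco_get_peer_stats(struct context *c)
++dco_get_peer_stats(struct context *c, const bool raise_sigusr1_on_err)
+{
+struct tuntap *tt = c->c1.tuntap;
+
+diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
+index b0253443aa3a..fce7ac8bb5ee 100644
+--- a/src/openvpn/forward.c
++++ b/src/openvpn/forward.c
+@@ -488,7 +488,7 @@ check_add_routes(struct context *c)
+static void
+check_inactivity_timeout(struct context *c)
+{
+- if (dco_enabled(&c->options) && dco_get_peer_stats(c) == 0)
++ if (dco_enabled(&c->options) && dco_get_peer_stats(c, true) == 0)
+{
+int64_t tot_bytes = c->c2.tun_read_bytes + c->c2.tun_write_bytes;
+int64_t new_bytes = tot_bytes - c->c2.inactivity_bytes;
+@@ -497,7 +497,6 @@ check_inactivity_timeout(struct context *c)
+{
+c->c2.inactivity_bytes = tot_bytes;
+event_timeout_reset(&c->c2.inactivity_interval);
+-
+return;
+}
+}
+diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c
+index 484042ada70e..0e73942762af 100644
+--- a/src/openvpn/manage.c
++++ b/src/openvpn/manage.c
+@@ -4146,8 +4146,13 @@ management_check_bytecount(struct context *c, struct management *man, struct tim
+counter_type dco_read_bytes = 0;
+counter_type dco_write_bytes = 0;
+
+- if (dco_enabled(&c->options) && (dco_get_peer_stats(c) == 0))
++ if (dco_enabled(&c->options))
+{
++ if (dco_get_peer_stats(c, true) < 0)
++ {
++ return;
++ }
++
+dco_read_bytes = c->c2.dco_read_bytes;
+dco_write_bytes = c->c2.dco_write_bytes;
+}
+@@ -4166,7 +4171,8 @@ management_check_bytecount(struct context *c, struct management *man, struct tim
+void
+man_persist_client_stats(struct management *man, struct context *c)
+{
+- if (dco_enabled(&c->options) && (dco_get_peer_stats(c) == 0))
++ /* no need to raise SIGUSR1 since we are already closing the instance */
++ if (dco_enabled(&c->options) && (dco_get_peer_stats(c, false) == 0))
+{
+management_bytes_client(man, c->c2.dco_read_bytes, c->c2.dco_write_bytes);
+}
+diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
+index 85a1712e2334..9d244be6d794 100644
+--- a/src/openvpn/multi.c
++++ b/src/openvpn/multi.c
+@@ -548,7 +548,10 @@ setenv_stats(struct multi_context *m, struct context *c)
+{
+if (dco_enabled(&m->top.options))
+{
+- dco_get_peer_stats_multi(&m->top.c1.tuntap->dco, m);
++ if (dco_get_peer_stats_multi(&m->top.c1.tuntap->dco, m, false) < 0)
++ {
++ return;
++ }
+}
+
+setenv_counter(c->c2.es, "bytes_received", c->c2.link_read_bytes + c->c2.dco_read_bytes);
+@@ -856,7 +859,10 @@ multi_print_status(struct multi_context *m, struct status_output *so, const int
+
+if (dco_enabled(&m->top.options))
+{
+- dco_get_peer_stats_multi(&m->top.c1.tuntap->dco, m);
++ if (dco_get_peer_stats_multi(&m->top.c1.tuntap->dco, m, true) < 0)
++ {
++ return;
++ }
+}
+
+if (version == 1)
+diff --git a/src/openvpn/sig.c b/src/openvpn/sig.c
+index 8323f0d97f21..b0f8935d4302 100644
+--- a/src/openvpn/sig.c
++++ b/src/openvpn/sig.c
+@@ -489,7 +489,10 @@ print_status(struct context *c, struct status_output *so)
+
+if (dco_enabled(&c->options))
+{
+- dco_get_peer_stats(c);
++ if (dco_get_peer_stats(c, true) < 0)
++ {
++ return;
++ }
+}
+
+status_printf(so, "OpenVPN STATISTICS");
+--
+2.49.0
+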
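Review bot: The M_WARN text added to dco_linux.c is built from adjacent string literals with no space at the first join, so `"...the underlying DCO peer"` followed by `"may have been deleted..."` is logged as "peermay"; the same literal appears in both dco_get_peer_stats_multi() and dco_get_peer_stats(). Ending the first literal with a space, `"Error retrieving DCO peer stats: the underlying DCO peer "`, in both places keeps the message readable and matchable by log searches and alert rules. Separately, dco_get_peer_stats() now returns 0 when `dco_peer_id` is -1, and callers such as check_inactivity_timeout() treat 0 as "counters refreshed"; a short comment at the early return saying that the unchanged counters are intended would help the next reader. The bodies of both functions continue outside the hunks shown.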
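--- a/0001-Implement-ovpn-version-detection.patch
+++ b/0001-Implement-ovpn-version-detection.patch
@@ -0,0 +1,105 @@
+From: Ralf Lici <ralf@mandelbit.com>
+Date: Thu, 15 May 2025 17:00:31 +0200
+Subject: Implement ovpn version detection
+References: bsc#1239783
+Git-repo: https://github.com/OpenVPN/openvpn.git
+Git-commit: f6c95ac2ffa69a1caaf2785859c48295a3bea199
+Patch-mainline: v2.7.0
+
+Add detection of the ovpn kernel module type: if a backported
+(out-of-tree) version is loaded, the MODULE_VERSION string is read from
+sysfs; otherwise, for the in-tree module, the function reports the
+kernel release and version.
+
+Change-Id: I7fc033a7ffee73045316763356a95d75ef23f5ad
+Signed-off-by: Ralf Lici <ralf@mandelbit.com>
+Acked-by: Gert Doering <gert@greenie.muc.de>
+Message-Id: <20250515150038.30097-1-gert@greenie.muc.de>
+URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg31652.html
+Signed-off-by: Gert Doering <gert@greenie.muc.de>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+src/openvpn/dco_linux.c | 69 +++++++++++++++++++++++++++++++++++++++++++++++-
+1 file changed, 68 insertions(+), 1 deletion(-)
+
+--- a/src/openvpn/dco_linux.c
++++ b/src/openvpn/dco_linux.c
+@@ -1117,10 +1117,77 @@ dco_available(int msglevel)
+return true;
+}
+
++/**
++ * There's no version indicator in the ovpn in-tree module, so we return a
++ * string containing info about the kernel version and release.
++ */
++static const char *
++dco_version_string_in_tree(struct gc_arena *gc)
++{
++ struct buffer buf = alloc_buf_gc(256, gc);
++ struct utsname system;
++
++ if (uname(&system))
++ {
++ return "ERR";
++ }
++
++ buf_puts(&buf, system.release);
++ buf_puts(&buf, " ");
++ buf_puts(&buf, system.version);
++ return BSTR(&buf);
++}
++
++/**
++ * When the module is loaded, the backports version of ovpn has a version file
++ * in sysfs. Read it and return the string.
++ *
++ * The caller is responsible for closing the file pointer.
++ */
++static const char *
++dco_version_string_backports(FILE *fp, struct gc_arena *gc)
++{
++ char *str = gc_malloc(PATH_MAX, false, gc);
++
++ if (!fgets(str, PATH_MAX, fp))
++ {
++ return "ERR";
++ }
++
++ /* remove potential newline at the end of the string */
++ char *nl = strchr(str, '\n');
++ if (nl)
++ {
++ *nl = '\0';
++ }
++
++ return str;
++}
++
+const char *
+dco_version_string(struct gc_arena *gc)
+{
+- return "Unknown";
++ const char *version;
++ struct stat sb;
++ FILE *fp;
++
++ if (stat("/sys/module/ovpn", &sb) != 0 || !S_ISDIR(sb.st_mode))
++ {
++ return "N/A";
++ }
++
++ /* now that we know for sure that the module is loaded, if there's no
++ * version file it means we're dealing with the in-tree version, otherwise
++ * it's backports */
++ fp = fopen("/sys/module/ovpn/version", "r");
++ if (!fp)
++ {
++ return dco_version_string_in_tree(gc);
++ }
++ version = dco_version_string_backports(fp, gc);
++
++ fclose(fp);
++ return version;
+}
+
+void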
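Review bot: In dco_version_string() every fopen() failure on /sys/module/ovpn/version is taken to mean "in-tree module", so a permission or descriptor-exhaustion error would report the kernel release as if it were the module version. Falling back only when the file is absent, for example `if (!fp) { return errno == ENOENT ? dco_version_string_in_tree(gc) : "ERR"; }`, keeps the reported version reliable for support and audit logs. dco_version_string_in_tree() also discards the result of each buf_puts(); the 256-byte buffer looks sufficient for the two utsname fields plus a space, but a one-line comment stating that sizing assumption would make a later truncation easier to spot.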
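--- a/0001-dco-better-naming-for-function-parameters.patch
+++ b/0001-dco-better-naming-for-function-parameters.patch
@@ -0,0 +1,121 @@
+From: Lev Stipakov <lev@openvpn.net>
+Date: Fri, 27 Sep 2024 11:30:45 +0200
+Subject: dco: better naming for function parameters
+References: bsc#1239783
+Git-repo: https://github.com/OpenVPN/openvpn.git
+Git-commit: 95e5a0b4f0f0f45d29a5a995f151677b760ddf76
+Patch-mainline: v2.7
+
+Current naming (remote_in4/6) is confusing, since
+those are in fact VPN IPv4/v6 addresses and not
+related to remote at all.
+
+Change-Id: I101bbc9f682375ec733bca10b52da82f0abfec27
+Signed-off-by: Lev Stipakov <lev@openvpn.net>
+Acked-by: Antonio Quartulli <a@unstable.cc>
+Message-Id: <20240927093045.22753-1-frank@lichtenheld.com>
+URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29460.html
+Signed-off-by: Gert Doering <gert@greenie.muc.de>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+src/openvpn/dco_freebsd.c | 12 ++++++------
+src/openvpn/dco_internal.h | 2 +-
+src/openvpn/dco_linux.c | 10 +++++-----
+src/openvpn/dco_win.c | 2 +-
+4 files changed, 13 insertions(+), 13 deletions(-)
+
+diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c
+index 2bfbda1243c8..d2b8092cb27d 100644
+--- a/src/openvpn/dco_freebsd.c
++++ b/src/openvpn/dco_freebsd.c
+@@ -75,7 +75,7 @@ sockaddr_to_nvlist(const struct sockaddr *sa)
+int
+dco_new_peer(dco_context_t *dco, unsigned int peerid, int sd,
+struct sockaddr *localaddr, struct sockaddr *remoteaddr,
+- struct in_addr *remote_in4, struct in6_addr *remote_in6)
++ struct in_addr *vpn_ipv4, struct in6_addr *vpn_ipv6)
+{
+struct ifdrv drv;
+nvlist_t *nvl, *local_nvl, *remote_nvl;
+@@ -97,15 +97,15 @@ dco_new_peer(dco_context_t *dco, unsigned int peerid, int sd,
+nvlist_add_nvlist(nvl, "remote", remote_nvl);
+}
+
+- if (remote_in4)
++ if (vpn_ipv4)
+{
+- nvlist_add_binary(nvl, "vpn_ipv4", &remote_in4->s_addr,
+- sizeof(remote_in4->s_addr));
++ nvlist_add_binary(nvl, "vpn_ipv4", &vpn_ipv4->s_addr,
++ sizeof(vpn_ipv4->s_addr));
+}
+
+- if (remote_in6)
++ if (vpn_ipv6)
+{
+- nvlist_add_binary(nvl, "vpn_ipv6", remote_in6, sizeof(*remote_in6));
++ nvlist_add_binary(nvl, "vpn_ipv6", vpn_ipv6, sizeof(*vpn_ipv6));
+}
+
+nvlist_add_number(nvl, "fd", sd);
+diff --git a/src/openvpn/dco_internal.h b/src/openvpn/dco_internal.h
+index 624c11050c04..4bbcc82bbb14 100644
+--- a/src/openvpn/dco_internal.h
++++ b/src/openvpn/dco_internal.h
+@@ -62,7 +62,7 @@ dco_get_cipher(const char *cipher)
+
+int dco_new_peer(dco_context_t *dco, unsigned int peerid, int sd,
+struct sockaddr *localaddr, struct sockaddr *remoteaddr,
+- struct in_addr *remote_in4, struct in6_addr *remote_in6);
++ struct in_addr *vpn_ipv4, struct in6_addr *vpn_ipv6);
+
+int dco_del_peer(dco_context_t *dco, unsigned int peerid);
+
+diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c
+index 1f1907ef830c..9f3c4ca05408 100644
+--- a/src/openvpn/dco_linux.c
++++ b/src/openvpn/dco_linux.c
+@@ -220,7 +220,7 @@ mapped_v4_to_v6(struct sockaddr *sock, struct gc_arena *gc)
+int
+dco_new_peer(dco_context_t *dco, unsigned int peerid, int sd,
+struct sockaddr *localaddr, struct sockaddr *remoteaddr,
+- struct in_addr *remote_in4, struct in6_addr *remote_in6)
++ struct in_addr *vpn_ipv4, struct in6_addr *vpn_ipv6)
+{
+struct gc_arena gc = gc_new();
+const char *remotestr = "[undefined]";
+@@ -263,14 +263,14 @@ dco_new_peer(dco_context_t *dco, unsigned int peerid, int sd,
+}
+
+/* Set the primary VPN IP addresses of the peer */
+- if (remote_in4)
++ if (vpn_ipv4)
+{
+- NLA_PUT_U32(nl_msg, OVPN_NEW_PEER_ATTR_IPV4, remote_in4->s_addr);
++ NLA_PUT_U32(nl_msg, OVPN_NEW_PEER_ATTR_IPV4, vpn_ipv4->s_addr);
+}
+- if (remote_in6)
++ if (vpn_ipv6)
+{
+NLA_PUT(nl_msg, OVPN_NEW_PEER_ATTR_IPV6, sizeof(struct in6_addr),
+- remote_in6);
++ vpn_ipv6);
+}
+nla_nest_end(nl_msg, attr);
+
+diff --git a/src/openvpn/dco_win.c b/src/openvpn/dco_win.c
+index b0b13592cdbe..42df1cc5acbe 100644
+--- a/src/openvpn/dco_win.c
++++ b/src/openvpn/dco_win.c
+@@ -247,7 +247,7 @@ dco_create_socket(HANDLE handle, struct addrinfo *remoteaddr, bool bind_local,
+int
+dco_new_peer(dco_context_t *dco, unsigned int peerid, int sd,
+struct sockaddr *localaddr, struct sockaddr *remoteaddr,
+- struct in_addr *remote_in4, struct in6_addr *remote_in6)
++ struct in_addr *vpn_ipv4, struct in6_addr *vpn_ipv6)
+{
+msg(D_DCO_DEBUG, "%s: peer-id %d, fd %d", __func__, peerid, sd);
+return 0;
+--
+2.49.0
+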
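--- a/0001-dco-linux-avoid-redefining-ovpn-enums.patch
+++ b/0001-dco-linux-avoid-redefining-ovpn-enums.patch
@@ -0,0 +1,58 @@
+From: Ralf Lici <ralf@mandelbit.com>
+Date: Mon, 23 Jun 2025 16:07:43 +0200
+Subject: dco linux: avoid redefining ovpn enums
+References: bsc#1239783
+Git-repo: https://github.com/OpenVPN/openvpn.git
+Git-commit: 1d3c2b67a73a0aa011c13e62f876d24e49d41df0
+Patch-mainline: 2.7
+
+Starting with Linux kernel version 6.16, a couple of ovpn-related enum
+definitions were introduced in the `include/uapi/linux/if_link.h`
+header. Redefining them in openvpn when they are already present in the
+system headers can lead to conflicts or build issues.
+
+This commit ensures that enum redefinitions are avoided by conditionally
+using the existing definitions from the system header when available.
+
+Change-Id: I4fa2d578f9c0a5a8aa24ca1d396102ef2ed9a425
+Signed-off-by: Ralf Lici <ralf@mandelbit.com>
+Message-Id: <20250623140748.13960-1-gert@greenie.muc.de>
+URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg31961.html
+Signed-off-by: Gert Doering <gert@greenie.muc.de>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+src/openvpn/dco_linux.h | 9 +++++++--
+1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/src/openvpn/dco_linux.h b/src/openvpn/dco_linux.h
+index 273a6ada1291..4e441ec77490 100644
+--- a/src/openvpn/dco_linux.h
++++ b/src/openvpn/dco_linux.h
+@@ -40,6 +40,8 @@ typedef enum ovpn_cipher_alg dco_cipher_t;
+
+/* OVPN section */
+
++#ifndef IFLA_OVPN_MAX
++
+enum ovpn_mode {
+OVPN_MODE_P2P,
+OVPN_MODE_MP,
+@@ -49,10 +51,13 @@ enum ovpn_ifla_attrs {
+IFLA_OVPN_UNSPEC = 0,
+IFLA_OVPN_MODE,
+
+- __IFLA_OVPN_AFTER_LAST,
+- IFLA_OVPN_MAX = __IFLA_OVPN_AFTER_LAST - 1,
++ __IFLA_OVPN_MAX,
+};
+
++#define IFLA_OVPN_MAX (__IFLA_OVPN_MAX - 1)
++
++#endif /* ifndef IFLA_OVPN_MAX */
++
+typedef struct
+{
+struct nl_sock *nl_sock;
+--
+2.50.1
+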
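Review bot: The `#ifndef IFLA_OVPN_MAX` guard added to dco_linux.h is undocumented, and it only takes effect if the system's if_link.h has already been included and provides IFLA_OVPN_MAX as a preprocessor macro; neither condition is visible in this hunk. A comment directly above the guard, for example `/* <linux/if_link.h> defines these since Linux 6.16; it must be included before this point */`, would record that dependency. If a translation unit includes if_link.h after this header, the local enums would presumably still collide, so the include order is worth confirming where dco_linux.h is pulled in.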
1045
0001-dco_linux-Introduce-new-uAPIs.patch
Normal file
1045
0001-dco_linux-Introduce-new-uAPIs.patch
Normal file
File diff suppressed because it is too large
@@ -0,0 +1,53 @@
|
|||||||
|
From: Antonio Quartulli <antonio@mandelbit.com>
|
||||||
|
Date: Fri, 23 May 2025 09:38:41 +0200
|
||||||
|
Subject: dco_linux: avoid bogus text when netlink message is not parsed
|
||||||
|
References: bsc#1239783
|
||||||
|
Git-repo: https://github.com/OpenVPN/openvpn.git
|
||||||
|
Git-commit: 4a48841da2d4179a96348994f841661ec9e5ce1d
|
||||||
|
Patch-mainline: v2.7.0
|
||||||
|
|
||||||
|
We may bail out parsing an incoming DCO message because it may
|
||||||
|
concern a different interface.
|
||||||
|
In that case we print the following debug messages:
|
||||||
|
|
||||||
|
dco_do_read
|
||||||
|
ovpn-dco: ignoring message (type=5) for foreign ifindex 313
|
||||||
|
process_incoming_dco: received message of type 0 - ignoring
|
||||||
|
|
||||||
|
However, the last message is confusing, because there is no message
|
||||||
|
of type 0 being received, but the message_type was simply not
|
||||||
|
initialized.
|
||||||
|
|
||||||
|
Bail out parsing earlier and avoid printing any bogus text.
|
||||||
|
|
||||||
|
Change-Id: I568faa12a5960e8b69de23c2df413b70b231592c
|
||||||
|
Signed-off-by: Antonio Quartulli <antonio@mandelbit.com>
|
||||||
|
Acked-by: Gert Doering <gert@greenie.muc.de>
|
||||||
|
Message-Id: <20250523073848.20848-1-gert@greenie.muc.de>
|
||||||
|
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg31763.html
|
||||||
|
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
||||||
|
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
|
||||||
|
---
|
||||||
|
src/openvpn/forward.c | 6 ++++++
|
||||||
|
1 file changed, 6 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
|
||||||
|
index 022afdb929a3..a83b2582e7ac 100644
|
||||||
|
--- a/src/openvpn/forward.c
|
||||||
|
+++ b/src/openvpn/forward.c
|
||||||
|
@@ -1251,6 +1251,12 @@ process_incoming_dco(struct context *c)
|
||||||
|
|
||||||
|
dco_do_read(dco);
|
||||||
|
|
||||||
|
+ /* no message for us to handle - platform specific code has logged details */
|
||||||
|
+ if (dco->dco_message_type == 0)
|
||||||
|
+ {
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
/* FreeBSD currently sends us removal notifcation with the old peer-id in
|
||||||
|
* p2p mode with the ping timeout reason, so ignore that one to not shoot
|
||||||
|
* ourselves in the foot and removing the just established session */
|
||||||
|
--
|
||||||
|
2.49.0
|
||||||
|
|
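Review bot: The early return added to process_incoming_dco() tests `dco->dco_message_type == 0` while the result of `dco_do_read(dco)` on the preceding line is still discarded, so a failed netlink read and a message for a foreign interface take the same silent path. The check is also only sound if the field is reset to 0 before every read; that reset is not visible in this hunk, and a stale non-zero value would let the code below act on the previous message. Consider testing the dco_do_read() return value as well and extending the comment to name where dco_message_type is cleared. The function body continues outside the hunk.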
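--- a/0001-dco_linux-extend-netlink-error-cb-with-extra-info.patch
+++ b/0001-dco_linux-extend-netlink-error-cb-with-extra-info.patch
@@ -0,0 +1,100 @@
+From: Antonio Quartulli <antonio@mandelbit.com>
+Date: Tue, 28 Jan 2025 14:44:54 +0100
+Subject: dco_linux: extend netlink error cb with extra info
+References: bsc#1239783
+Git-repo: https://github.com/OpenVPN/openvpn.git
+Git-commit: edad5fa42bff2f291d7d416ccb90f4e7cd5b3f39
+Patch-mainline: v2.7
+
+A netlink error may contain more specific attributes: i.e.
+missing attributes or missing neted objects.
+
+Parse and print this information too.
+
+Note that we are re-defining some enum entries that exist
+in netlink.h starting with linux-6.1.
+Since we do support distros not shipping an up-to-date
+netlink.h, we had to re-define the entries we need for
+this patch.
+
+Change-Id: I9e27ff335d892429334137d028f8503da4e4ca5b
+Signed-off-by: Antonio Quartulli <antonio@mandelbit.com>
+Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
+Message-Id: <20250128134454.2888-1-gert@greenie.muc.de>
+URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg30658.html
+Signed-off-by: Gert Doering <gert@greenie.muc.de>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+src/openvpn/dco_linux.c | 35 +++++++++++++++++++++++++++++++++--
+1 file changed, 33 insertions(+), 2 deletions(-)
+
+diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c
+index b03838281a33..fa7abd3fa3c4 100644
+--- a/src/openvpn/dco_linux.c
++++ b/src/openvpn/dco_linux.c
+@@ -291,6 +291,25 @@ ovpn_nl_cb_finish(struct nl_msg (*msg) __attribute__ ((unused)), void *arg)
+return NL_SKIP;
+}
+
++/* The following enum members exist in netlink.h since linux-6.1.
++ * However, some distro we support still ship an old header, thus
++ * failing the OpenVPN compilation.
++ *
++ * For the time being we add the needed defines manually.
++ * We will drop this definition once we stop supporting those old
++ * distros.
++ *
++ * @NLMSGERR_ATTR_MISS_TYPE: type of a missing required attribute,
++ * %NLMSGERR_ATTR_MISS_NEST will not be present if the attribute was
++ * missing at the message level
++ * @NLMSGERR_ATTR_MISS_NEST: offset of the nest where attribute was missing
++ */
++enum ovpn_nlmsgerr_attrs {
++ OVPN_NLMSGERR_ATTR_MISS_TYPE = 5,
++ OVPN_NLMSGERR_ATTR_MISS_NEST = 6,
++ OVPN_NLMSGERR_ATTR_MAX = 6,
++};
++
+/* This function is used as error callback on the netlink socket.
+* When something goes wrong and the kernel returns an error, this function is
+* invoked.
+@@ -304,7 +323,7 @@ ovpn_nl_cb_error(struct sockaddr_nl (*nla) __attribute__ ((unused)),
+struct nlmsgerr *err, void *arg)
+{
+struct nlmsghdr *nlh = (struct nlmsghdr *)err - 1;
+- struct nlattr *tb_msg[NLMSGERR_ATTR_MAX + 1];
++ struct nlattr *tb_msg[OVPN_NLMSGERR_ATTR_MAX + 1];
+int len = nlh->nlmsg_len;
+struct nlattr *attrs;
+int *ret = arg;
+@@ -330,7 +349,7 @@ ovpn_nl_cb_error(struct sockaddr_nl (*nla) __attribute__ ((unused)),
+attrs = (void *)((unsigned char *)nlh + ack_len);
+len -= ack_len;
+
+- nla_parse(tb_msg, NLMSGERR_ATTR_MAX, attrs, len, NULL);
++ nla_parse(tb_msg, OVPN_NLMSGERR_ATTR_MAX, attrs, len, NULL);
+if (tb_msg[NLMSGERR_ATTR_MSG])
+{
+len = strnlen((char *)nla_data(tb_msg[NLMSGERR_ATTR_MSG]),
+@@ -339,6 +358,18 @@ ovpn_nl_cb_error(struct sockaddr_nl (*nla) __attribute__ ((unused)),
+(char *)nla_data(tb_msg[NLMSGERR_ATTR_MSG]));
+}
+
++ if (tb_msg[OVPN_NLMSGERR_ATTR_MISS_NEST])
++ {
++ msg(M_WARN, "kernel error: missing required nesting type %u\n",
++ nla_get_u32(tb_msg[OVPN_NLMSGERR_ATTR_MISS_NEST]));
++ }
++
++ if (tb_msg[OVPN_NLMSGERR_ATTR_MISS_TYPE])
++ {
++ msg(M_WARN, "kernel error: missing required attribute type %u\n",
++ nla_get_u32(tb_msg[OVPN_NLMSGERR_ATTR_MISS_TYPE]));
++ }
++
+return NL_STOP;
+}
+
+--
+2.49.0
+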
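Review bot: The two branches added at the end of ovpn_nl_cb_error() call `nla_get_u32()` on attributes that were parsed with a NULL policy, so nothing has confirmed that either payload is at least four bytes long. Guarding each read, for example `if (tb_msg[OVPN_NLMSGERR_ATTR_MISS_TYPE] && nla_len(tb_msg[OVPN_NLMSGERR_ATTR_MISS_TYPE]) >= (int)sizeof(uint32_t))`, keeps the error path from reading past a short attribute. The MISS_NEST warning says "nesting type" although the comment introduced by this same patch documents the value as the offset of the nest, so the log text should say offset. Both format strings also end in `\n`, which the other msg() calls visible on this page do not use and which may produce blank log lines. The function begins outside the hunks shown.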
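--- /dev/null
+++ b/0001-dco_linux-fix-peer-stats-parsing-with-new-ovpn-kerne.patch
@@ -0,0 +1,124 @@
+From: Antonio Quartulli <antonio@mandelbit.com>
+Date: Sat, 17 May 2025 10:32:23 +0200
+Subject: dco_linux: fix peer stats parsing with new ovpn kernel module
+References: bsc#1239783
+Git-repo: https://github.com/OpenVPN/openvpn.git
+Git-commit: 6c33e3761ecb476d047bc14e7948ffddba800915
+Patch-mainline: v2.7.0
+
+The new ovpn kernel module has changed the netlink attribute
+type of the fields containing the pkt/bytes counters in the
+peer stats.
+
+We moved from uint64 to uint (a dynamic type can be either
+32 or 64 bits), therefore the parsing code must be adapted
+accordingly.
+
+While at it, also fix the peer object parsing in the P2P code path.
+
+The fix can be verified by enabling --status with verb 6 and
+watching the counters increasing:
+
+2025-05-16 22:23:56 us=649488 dco_get_peer_stats_multi
+2025-05-16 22:23:56 us=651008 dco_parse_peer_multi: parsing message...
+2025-05-16 22:23:56 us=651734 dco_update_peer_stat / dco_read_bytes: 116280
+2025-05-16 22:23:56 us=652682 dco_update_peer_stat / dco_write_bytes: 115776
+2025-05-16 22:23:56 us=653467 dco_update_peer_stat / tun_read_bytes: 90048
+2025-05-16 22:23:56 us=654110 dco_update_peer_stat / tun_write_bytes: 90048
+
+Change-Id: I104b4adeb9f65cce3487b82f35470174acba92bc
+Github: closes OpenVPN/openvpn#746
+Signed-off-by: Antonio Quartulli <antonio@mandelbit.com>
+Acked-by: Gert Doering <gert@greenie.muc.de>
+Message-Id: <20250517083231.27977-1-gert@greenie.muc.de>
+URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg31666.html
+Signed-off-by: Gert Doering <gert@greenie.muc.de>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+src/openvpn/dco_linux.c | 31 +++++++++++++++++++++----------
+1 file changed, 21 insertions(+), 10 deletions(-)
+
+--- a/src/openvpn/dco_linux.c
++++ b/src/openvpn/dco_linux.c
+@@ -908,12 +908,26 @@ dco_do_read(dco_context_t *dco)
+return ovpn_nl_recvmsgs(dco, __func__);
+}
+
++/* libnl < 3.11.0 does not implement nla_get_uint() */
++static uint64_t
++ovpn_nla_get_uint(struct nlattr *attr)
++{
++ if (nla_len(attr) == sizeof(uint32_t))
++ {
++ return nla_get_u32(attr);
++ }
++ else
++ {
++ return nla_get_u64(attr);
++ }
++}
++
+static void
+dco_update_peer_stat(struct context_2 *c2, struct nlattr *tb[], uint32_t id)
+{
+if (tb[OVPN_A_PEER_LINK_RX_BYTES])
+{
+- c2->dco_read_bytes = nla_get_u64(tb[OVPN_A_PEER_LINK_RX_BYTES]);
++ c2->dco_read_bytes = ovpn_nla_get_uint(tb[OVPN_A_PEER_LINK_RX_BYTES]);
+msg(D_DCO_DEBUG, "%s / dco_read_bytes: " counter_format, __func__,
+c2->dco_read_bytes);
+}
+@@ -925,7 +939,7 @@ dco_update_peer_stat(struct context_2 *c
+
+if (tb[OVPN_A_PEER_LINK_TX_BYTES])
+{
+- c2->dco_write_bytes = nla_get_u64(tb[OVPN_A_PEER_LINK_TX_BYTES]);
++ c2->dco_write_bytes = ovpn_nla_get_uint(tb[OVPN_A_PEER_LINK_TX_BYTES]);
+msg(D_DCO_DEBUG, "%s / dco_write_bytes: " counter_format, __func__,
+c2->dco_write_bytes);
+}
+@@ -937,7 +951,7 @@ dco_update_peer_stat(struct context_2 *c
+
+if (tb[OVPN_A_PEER_VPN_RX_BYTES])
+{
+- c2->tun_read_bytes = nla_get_u64(tb[OVPN_A_PEER_VPN_RX_BYTES]);
++ c2->tun_read_bytes = ovpn_nla_get_uint(tb[OVPN_A_PEER_VPN_RX_BYTES]);
+msg(D_DCO_DEBUG, "%s / tun_read_bytes: " counter_format, __func__,
+c2->tun_read_bytes);
+}
+@@ -949,7 +963,7 @@ dco_update_peer_stat(struct context_2 *c
+
+if (tb[OVPN_A_PEER_VPN_TX_BYTES])
+{
+- c2->tun_write_bytes = nla_get_u64(tb[OVPN_A_PEER_VPN_TX_BYTES]);
++ c2->tun_write_bytes = ovpn_nla_get_uint(tb[OVPN_A_PEER_VPN_TX_BYTES]);
+msg(D_DCO_DEBUG, "%s / tun_write_bytes: " counter_format, __func__,
+c2->tun_write_bytes);
+}
+@@ -1028,12 +1042,12 @@ static int
+dco_parse_peer(struct nl_msg *msg, void *arg)
+{
+struct context *c = arg;
+- struct nlattr *tb[OVPN_A_MAX];
++ struct nlattr *tb[OVPN_A_MAX + 1];
+struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
+
+msg(D_DCO_DEBUG, "%s: parsing message...", __func__);
+
+- nla_parse(tb, OVPN_A_PEER_MAX, genlmsg_attrdata(gnlh, 0),
++ nla_parse(tb, OVPN_A_MAX, genlmsg_attrdata(gnlh, 0),
+genlmsg_attrlen(gnlh, 0), NULL);
+
+if (!tb[OVPN_A_PEER])
+@@ -1043,10 +1057,7 @@ dco_parse_peer(struct nl_msg *msg, void
+}
+
+struct nlattr *tb_peer[OVPN_A_PEER_MAX + 1];
+-
+- nla_parse(tb_peer, OVPN_A_PEER,
+- nla_data(tb[OVPN_A_PEER]),
+- nla_len(tb[OVPN_A_PEER]), NULL);
++ nla_parse_nested(tb_peer, OVPN_A_PEER_MAX, tb[OVPN_A_PEER], NULL);
+
+if (!tb_peer[OVPN_A_PEER_ID])
+{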
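Review bot: `ovpn_nla_get_uint()` treats every payload that is not exactly `sizeof(uint32_t)` as a 64-bit value, and the `nla_parse_nested(tb_peer, OVPN_A_PEER_MAX, tb[OVPN_A_PEER], NULL)` call in `dco_parse_peer()` passes no policy, so nothing visible in these hunks checks the attribute length before `nla_get_u64()` runs. How a short or oversized payload is then handled depends on the installed libnl, which is the very dependency this helper is meant to paper over. I would make the 64-bit case explicit and reject anything else: `if (nla_len(attr) == sizeof(uint64_t)) { return nla_get_u64(attr); }` followed by `msg(M_WARN, "%s: unexpected uint attribute length %d", __func__, nla_len(attr)); return 0;`. The bodies of `dco_update_peer_stat()` and `dco_parse_peer()` continue outside the hunks shown, so a length check elsewhere cannot be ruled out from here.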
@@ -1,7 +1,7 @@
|
|||||||
Index: doc/openvpn.8
|
Index: doc/openvpn.8
|
||||||
===================================================================
|
===================================================================
|
||||||
--- doc/openvpn.8.orig
|
--- a/doc/openvpn.8.orig
|
||||||
+++ doc/openvpn.8
|
+++ b/doc/openvpn.8
|
||||||
@@ -6690,9 +6690,9 @@ For more information and examples on how
|
@@ -6690,9 +6690,9 @@ For more information and examples on how
|
||||||
modules, see the README file in the \fBplugin\fP folder of the OpenVPN
|
modules, see the README file in the \fBplugin\fP folder of the OpenVPN
|
||||||
source distribution.
|
source distribution.
|
||||||
|
BIN
openvpn-2.6.10.tar.gz
(Stored with Git LFS)
@@ -1,16 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQIzBAABCAAdFiEEvlj1OdBZuAYxwSlKQdIJZcLoLccFAmX6sakACgkQQdIJZcLo
|
|
||||||
LcemTxAA5fwUDLHWQjE9Mf86NZbRup6aSo5S751pou/bcVYWQVbYqjFJIgdJEY7r
|
|
||||||
HS4cKlOmJ74S5SqALwqmD4lqUP1LfGocvHUR1ACXppm/rtebWa3upRRI3/svBhp2
|
|
||||||
6IqQjW0gkiDib56mKn2RFkyLkUiWpBOW15gqe/NgRjoVlIaCCQuvZhii8fAHMHzS
|
|
||||||
HeJrTmdmbINTyVr6Ag4hZS+rKivVXR3j8z2YTuTwH1NPmCuclyoODRSv7rL3A1tU
|
|
||||||
wiol0go/aLaDXx1EEnGtHrPtWjA6Gti1pDbteQBKn4Q9v2svuhFncyeux0R9a2Jk
|
|
||||||
FLWXLZGI5JOQOTvuIrRnGBuUCpbhJalHQHtgKgNzhIqfToHfIYgc+2gQYSh4pDYi
|
|
||||||
rZVMdws9lNqWctSLAeyCyojpYGiL3YU4tnORGzsqypszzznk/JtlkTb6rjGxrh3w
|
|
||||||
Ejg5rE7cwgNstGqEaHihJaHG7mnnazZ9US3J1DFcg9NgpDD2Y7Gate6E2GEtmSFg
|
|
||||||
BoLUK1tRRl9GayEc8mKN+ThzcW9U1YOzMdZTIRQX9ToaqHdMdpeOGV1+dwYqMT+e
|
|
||||||
dYrmEO1COqvfp5Qxk+Q+fFBvUluMM7PQ1w0ncyTRn7jdlxdDu4XB9CfBP5fvXvwl
|
|
||||||
teabifAm0iglOeCEYdUWtgYSkvebu1FaIhh1w3I1uQwrKOF7ZXM=
|
|
||||||
=6sO3
|
|
||||||
-----END PGP SIGNATURE-----
|
|
BIN
openvpn-2.6.14.tar.gz
(Stored with Git LFS)
Normal file
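--- /dev/null
+++ b/openvpn-2.6.14.tar.gz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEV+lQSddqo5p0Q5YDUzpoYFKfI8UFAmftKAQACgkQUzpoYFKf
+I8U6jBAAkE9eRWgXki+826vZtyGNR1WgFrtX6dd3mBd9A9fv+ygWRkuNhDo3OHYj
+XGHcgAYjNI+ueOgS0UlVnJE+1P8YCcqNjhakyWO2XhwJwAIydgsMjDrSkefwY4zC
+k1OqGK+DAueaAMISFh91MON1HSOAfa4zPB2PvqZ1u5uIFHL+f4Hh2hHj74YV7X+I
+rr7jED5XGjvWy2H60JEeZlpNj+jzydz2yWvoZCab4Ae71CDE5GU2q2qt+HsQpdlo
+7tzlic97X9pqXN540MDb2pZoxmt+8uTtZn9UOAJ02IbjZRaNf2hmpgfJd6Xh1Wke
+m9loEuhjjVDZfO78Tx9a9uLloEQgxYmhftunc7gZbXcBhCrgtrhPNawff7XIA2Qw
+fVmJxJejaSG9YL0ecVI4Ef2GY5yxB11gOVIjQMuNLeBRsvd7r3n/Mn0J+3qtobyT
+Wr1A4auv+HpeCRwias+OeMmYezCjTsrkq3VLy85r7+KW5kb82b4IjEZkRqJhVxbn
+KXvHNhUBNnZ8SfYp5Fb1r+458bZ5nBG/KXexqS0Twe+VQGe70x/p/FarfrBP+NVe
+0DXA9RpPY0RQscmqWJK1EZhD3YOtZ8x0RUnRkQKH74JIxElxdUcmKR0kwJcdj0aq
+HFit6eAlRzhZukmEa9A0TshBcrNlmQ3BjPg8diIrYB60f5ZW9g8=
+=qqV2
+-----END PGP SIGNATURE-----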
@@ -1,3 +1,92 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Aug 6 10:49:15 UTC 2025 - Jiri Slaby <jslaby@suse.cz>
|
||||||
|
|
||||||
|
- add (bsc#1239783) -- fix build against 6.16
|
||||||
|
* 0001-dco-linux-avoid-redefining-ovpn-enums.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri May 30 07:03:28 UTC 2025 - Jiri Slaby <jslaby@suse.cz>
|
||||||
|
|
||||||
|
- Don't recommend ovpn-dco-kmp if it is in the kernel already (newer and
|
||||||
|
safer version):
|
||||||
|
https://build.opensuse.org/requests/1255536
|
||||||
|
- add (bsc#1239783)
|
||||||
|
* 0001-dco-better-naming-for-function-parameters.patch
|
||||||
|
* 0001-dco_linux-extend-netlink-error-cb-with-extra-info.patch
|
||||||
|
* 0001-Handle-missing-DCO-peer-by-restarting-the-session.patch
|
||||||
|
* 0001-dco_linux-Introduce-new-uAPIs.patch
|
||||||
|
* 0001-Implement-ovpn-version-detection.patch
|
||||||
|
* 0001-dco_linux-fix-peer-stats-parsing-with-new-ovpn-kerne.patch
|
||||||
|
* 0001-dco_linux-avoid-bogus-text-when-netlink-message-is-n.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Apr 4 20:24:19 UTC 2025 - Richard Rahl <rrahl0@opensuse.org>
|
||||||
|
|
||||||
|
- update to 2.6.14:
|
||||||
|
* CVE-2025-2704: fix possible ASSERT() on OpenVPN servers using --tls-crypt-v2
|
||||||
|
* Linux DCO: repair source IP selection for --multihome
|
||||||
|
- update to 2.6.13:
|
||||||
|
* on non-windows clients (MacOS, Linux, Unix) send "release" string from
|
||||||
|
uname() call as IV_PLAT_VER to server
|
||||||
|
* Linux: pass --timeout=0 argument to systemd-ask-password, to avoid default
|
||||||
|
timeout of 90 seconds
|
||||||
|
* improve server-side handling of clients sending usernames or passwords
|
||||||
|
longer than USER_PASS_LEN
|
||||||
|
* purge proxy authentication credentials from memory after use
|
||||||
|
- update to 2.6.12:
|
||||||
|
* the fix for CVE-2024-5594 (refuse control channel messages with
|
||||||
|
nonprintable characters) was too strict, breaking user configurations
|
||||||
|
* Http-proxy: fix bug preventing proxy credentials caching
|
||||||
|
- update to 2.6.11:
|
||||||
|
* CVE-2024-5594: control channel: refuse control channel messages with
|
||||||
|
nonprintable characters in them. Security scope: a malicious openvpn
|
||||||
|
peer can send garbage to openvpn log, or cause high CPU load.
|
||||||
|
* CVE-2024-28882: only call schedule_exit() once (on a given peer).
|
||||||
|
Security scope: an authenticated client can make the server "keep the
|
||||||
|
session" even when the server has been told to disconnect this client
|
||||||
|
* Fix connect timeout when using SOCKS proxies
|
||||||
|
* Add bracket in fingerprint message and do not warn about missing
|
||||||
|
verification
|
||||||
|
* Remove "experimental" denotation for --fast-io
|
||||||
|
* Correctly document ifconfig_* variables passed to scripts
|
||||||
|
* Documentation: make section levels consistent
|
||||||
|
* Samples: Update sample configurations (remove compression & old cipher
|
||||||
|
settings, add more informative comments)
|
||||||
|
- update keyring, as the old one doesn't verify anymore (and attach an url)
|
||||||
|
- remove openvpn-CVE-2024-28882.patch and openvpn-CVE-2024-5594.patch, as
|
||||||
|
the latest version include fixes for the CVEs
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jan 22 16:35:27 UTC 2025 - Dominique Leuenberger <dimstar@opensuse.org>
|
||||||
|
|
||||||
|
- Drop rcFOO symlinks for CODE16 (PED-266).
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jan 22 08:55:44 UTC 2025 - Rahul Jain <rahul.jain@suse.com>
|
||||||
|
|
||||||
|
- FIX:VUL-0 CVE-2024-5594: openvpn: properly handle null bytes and
|
||||||
|
invalid characters in control messages(bsc#1235147 CVE-2024-5594)
|
||||||
|
Patchname:openvpn-CVE-2024-5594.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Dec 20 08:13:18 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
|
- Set %_buildshell because of bashisms in build recipe
|
||||||
|
- Replace over-the-top `find -exec rm` by just -delete
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Oct 10 08:13:54 UTC 2024 - Rahul Jain <rahul.jain@suse.com>
|
||||||
|
|
||||||
|
- Fix multiple exit notifications from authenticated clients will
|
||||||
|
extend the validity of a closing session (bsc#1227546 CVE-2024-28882)
|
||||||
|
Patchname:openvpn-CVE-2024-28882.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu May 16 06:42:54 UTC 2024 - Bernhard Wiedemann <bwiedemann@suse.com>
|
||||||
|
|
||||||
|
- Enable Data-Channel-Offloading (DCO) for better performance (jsc#PED-8305)
|
||||||
|
if libnl >= 3.4 is available
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Mar 21 08:33:45 UTC 2024 - Mohd Saquib <mohd.saquib@suse.com>
|
Thu Mar 21 08:33:45 UTC 2024 - Mohd Saquib <mohd.saquib@suse.com>
|
||||||
|
|
||||||
|
1943
openvpn.keyring
37
openvpn.spec
@@ -1,7 +1,8 @@
|
|||||||
#
|
#
|
||||||
# spec file for package openvpn
|
# spec file for package openvpn
|
||||||
#
|
#
|
||||||
# Copyright (c) 2024 SUSE LLC
|
# Copyright (c) 2025 SUSE LLC and contributors
|
||||||
|
# Copyright (c) 2025 SUSE LLC and contributors
|
||||||
#
|
#
|
||||||
# All modifications and additions to the file contributed by third parties
|
# All modifications and additions to the file contributed by third parties
|
||||||
# remain the property of their copyright owners, unless otherwise agreed
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
@@ -16,11 +17,12 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
|
|
||||||
|
%define _buildshell /bin/bash
|
||||||
%if ! %{defined _rundir}
|
%if ! %{defined _rundir}
|
||||||
%define _rundir %{_localstatedir}/run
|
%define _rundir %{_localstatedir}/run
|
||||||
%endif
|
%endif
|
||||||
Name: openvpn
|
Name: openvpn
|
||||||
Version: 2.6.10
|
Version: 2.6.14
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: Full-featured SSL VPN solution using a TUN/TAP Interface
|
Summary: Full-featured SSL VPN solution using a TUN/TAP Interface
|
||||||
License: GPL-2.0-only WITH openvpn-openssl-exception
|
License: GPL-2.0-only WITH openvpn-openssl-exception
|
||||||
@@ -31,12 +33,20 @@ Source1: https://swupdate.openvpn.org/community/releases/openvpn-%{versio
|
|||||||
Source3: %{name}.README.SUSE
|
Source3: %{name}.README.SUSE
|
||||||
Source4: client-netconfig.up
|
Source4: client-netconfig.up
|
||||||
Source5: client-netconfig.down
|
Source5: client-netconfig.down
|
||||||
Source7: %{name}.keyring
|
Source7: https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xf554a3687412cffebdefe0a312f5f7b42f2b01e7#/%{name}.keyring
|
||||||
Source8: %{name}.service
|
Source8: %{name}.service
|
||||||
Source9: %{name}.target
|
Source9: %{name}.target
|
||||||
Source10: %{name}-tmpfile.conf
|
Source10: %{name}-tmpfile.conf
|
||||||
Source11: rc%{name}
|
Source11: rc%{name}
|
||||||
Patch1: %{name}-2.3-plugin-man.dif
|
Patch1: %{name}-2.3-plugin-man.dif
|
||||||
|
Patch2: 0001-dco-better-naming-for-function-parameters.patch
|
||||||
|
Patch3: 0001-dco_linux-extend-netlink-error-cb-with-extra-info.patch
|
||||||
|
Patch4: 0001-Handle-missing-DCO-peer-by-restarting-the-session.patch
|
||||||
|
Patch5: 0001-dco_linux-Introduce-new-uAPIs.patch
|
||||||
|
Patch6: 0001-Implement-ovpn-version-detection.patch
|
||||||
|
Patch7: 0001-dco_linux-fix-peer-stats-parsing-with-new-ovpn-kerne.patch
|
||||||
|
Patch8: 0001-dco_linux-avoid-bogus-text-when-netlink-message-is-n.patch
|
||||||
|
Patch9: 0001-dco-linux-avoid-redefining-ovpn-enums.patch
|
||||||
BuildRequires: iproute2
|
BuildRequires: iproute2
|
||||||
BuildRequires: libcap-ng-devel
|
BuildRequires: libcap-ng-devel
|
||||||
BuildRequires: liblz4-devel
|
BuildRequires: liblz4-devel
|
||||||
@@ -49,10 +59,13 @@ BuildRequires: pam-devel
|
|||||||
BuildRequires: pkcs11-helper-devel >= 1.11
|
BuildRequires: pkcs11-helper-devel >= 1.11
|
||||||
BuildRequires: pkgconfig
|
BuildRequires: pkgconfig
|
||||||
BuildRequires: xz
|
BuildRequires: xz
|
||||||
|
BuildRequires: pkgconfig(libnl-genl-3.0)
|
||||||
BuildRequires: pkgconfig(libsystemd)
|
BuildRequires: pkgconfig(libsystemd)
|
||||||
BuildRequires: pkgconfig(systemd)
|
BuildRequires: pkgconfig(systemd)
|
||||||
Requires: iproute2
|
Requires: iproute2
|
||||||
Requires: pkcs11-helper >= 1.11
|
Requires: pkcs11-helper >= 1.11
|
||||||
|
# the former is KMP (for older distros), the latter is kernel-default
|
||||||
|
Recommends: (kmod(ovpn_dco_v2.ko) or kmod(ovpn.ko))
|
||||||
%systemd_ordering
|
%systemd_ordering
|
||||||
|
|
||||||
%description
|
%description
|
||||||
@@ -116,7 +129,7 @@ Requires: %{name} = %{version}
|
|||||||
This package provides the header file to build external plugins.
|
This package provides the header file to build external plugins.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%autosetup -p0
|
%autosetup -p1
|
||||||
|
|
||||||
sed -e "s|\" __DATE__|$(date '+%%b %%e %%Y' -r version.m4)\"|g" \
|
sed -e "s|\" __DATE__|$(date '+%%b %%e %%Y' -r version.m4)\"|g" \
|
||||||
-i src/openvpn/options.c
|
-i src/openvpn/options.c
|
||||||
@@ -135,8 +148,14 @@ export LDFLAGS
|
|||||||
# usrmerge
|
# usrmerge
|
||||||
export IPROUTE="%{_sbindir}/ip"
|
export IPROUTE="%{_sbindir}/ip"
|
||||||
%endif
|
%endif
|
||||||
|
libnlversion=$(rpm -q --qf "%%{version}" libnl3-devel)
|
||||||
|
if [[ $libnlversion == 3.[0-3].* ]] ; then
|
||||||
|
confopt=--enable-iproute2
|
||||||
|
else
|
||||||
|
confopt=--enable-dco
|
||||||
|
fi
|
||||||
%configure \
|
%configure \
|
||||||
--enable-iproute2 \
|
$confopt \
|
||||||
--enable-x509-alt-username \
|
--enable-x509-alt-username \
|
||||||
--enable-pkcs11 \
|
--enable-pkcs11 \
|
||||||
--enable-systemd \
|
--enable-systemd \
|
||||||
@@ -149,7 +168,7 @@ export IPROUTE="%{_sbindir}/ip"
|
|||||||
|
|
||||||
%install
|
%install
|
||||||
%make_install
|
%make_install
|
||||||
find %{buildroot} -type f -name "*.la" -print -exec rm -f {} +
|
find %{buildroot} -type f -name "*.la" -print -delete
|
||||||
mkdir -p %{buildroot}/%{_sysconfdir}/openvpn
|
mkdir -p %{buildroot}/%{_sysconfdir}/openvpn
|
||||||
mkdir -p %{buildroot}/%{_rundir}/openvpn
|
mkdir -p %{buildroot}/%{_rundir}/openvpn
|
||||||
mkdir -p %{buildroot}/%{_datadir}/openvpn
|
mkdir -p %{buildroot}/%{_datadir}/openvpn
|
||||||
@@ -159,7 +178,9 @@ rm %{buildroot}%{_libdir}/systemd/system/openvpn-server@.service
|
|||||||
rm %{buildroot}%{_libdir}/tmpfiles.d/openvpn.conf
|
rm %{buildroot}%{_libdir}/tmpfiles.d/openvpn.conf
|
||||||
install -D -m 644 %{name}.service %{buildroot}/%{_unitdir}/%{name}@.service
|
install -D -m 644 %{name}.service %{buildroot}/%{_unitdir}/%{name}@.service
|
||||||
install -D -m 644 %{SOURCE9} %{buildroot}/%{_unitdir}/%{name}.target
|
install -D -m 644 %{SOURCE9} %{buildroot}/%{_unitdir}/%{name}.target
|
||||||
|
%if 0%{?suse_version} < 1600
|
||||||
install -D -m 755 %{SOURCE11} %{buildroot}%{_sbindir}/rc%{name}
|
install -D -m 755 %{SOURCE11} %{buildroot}%{_sbindir}/rc%{name}
|
||||||
|
%endif
|
||||||
# tmpfiles.d
|
# tmpfiles.d
|
||||||
mkdir -p %{buildroot}%{_tmpfilesdir}
|
mkdir -p %{buildroot}%{_tmpfilesdir}
|
||||||
install -m 0644 %{SOURCE10} %{buildroot}%{_tmpfilesdir}/%{name}.conf
|
install -m 0644 %{SOURCE10} %{buildroot}%{_tmpfilesdir}/%{name}.conf
|
||||||
@@ -169,7 +190,7 @@ install -m 755 %{SOURCE5} sample/sample-scripts/client-netconfig.down
|
|||||||
|
|
||||||
# we install docs via spec into _defaultdocdir/name/management-notes.txt
|
# we install docs via spec into _defaultdocdir/name/management-notes.txt
|
||||||
rm -rf %{buildroot}%{_datadir}/doc/{OpenVPN,%{name}}
|
rm -rf %{buildroot}%{_datadir}/doc/{OpenVPN,%{name}}
|
||||||
find sample -name .gitignore -exec rm -f {} +
|
find sample -name .gitignore -delete
|
||||||
|
|
||||||
%pre
|
%pre
|
||||||
%service_add_pre %{name}.target
|
%service_add_pre %{name}.target
|
||||||
@@ -202,7 +223,9 @@ find sample -name .gitignore -exec rm -f {} +
|
|||||||
%{_unitdir}/%{name}.target
|
%{_unitdir}/%{name}.target
|
||||||
%{_tmpfilesdir}/%{name}.conf
|
%{_tmpfilesdir}/%{name}.conf
|
||||||
%dir %attr(0750,root,root) %ghost %{_rundir}/openvpn/
|
%dir %attr(0750,root,root) %ghost %{_rundir}/openvpn/
|
||||||
|
%if 0%{?suse_version} < 1600
|
||||||
%{_sbindir}/rcopenvpn
|
%{_sbindir}/rcopenvpn
|
||||||
|
%endif
|
||||||
%{_sbindir}/openvpn
|
%{_sbindir}/openvpn
|
||||||
|
|
||||||
%files down-root-plugin
|
%files down-root-plugin
|
||||||
|
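Review bot: `Source7` in the `@@ -31,12 +33,20 @@` hunk now takes the release keyring from a keyserver lookup, and the matching `openvpn.keyring` change is suppressed on this page, so the new trust anchor for the tarball signature cannot be checked from the diff itself. A keyserver serves whatever material is currently attached to that fingerprint, so the checked-in file should be confirmed to hold only the key upstream publishes for releases before it is accepted. I would record that expectation above the line, e.g. `# keyring must contain only the upstream release key; fingerprint as in the Source7 URL, cross-checked against the upstream download page`. Whether the signature in `openvpn-2.6.14.tar.gz.asc` is verified against this keyring during the build is not visible in the hunks shown and is presumably handled by the build service.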